diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2003-01-08 06:54:17 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2003-01-08 06:54:17 +0000 |
commit | 93ffd28c1e8b97780c028b3ef1bd8cf2f20c9391 (patch) | |
tree | e33e80fcf4459ca2622157ba3980c90ec7a75ab7 /bin/csh/dol.c | |
parent | 36efa34ab7ac15f8cad3040dc6dd9e79aa2f717c (diff) |
bring in strlcpy and strlcat-like things for dealing with Char types,
this fixes at least 15 buffer overflows; some help from dhartmei.
Anyone want to go do the same in ksh, and help with some of the while
(*s++ = *p++) loops in here?
Diffstat (limited to 'bin/csh/dol.c')
-rw-r--r-- | bin/csh/dol.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/bin/csh/dol.c b/bin/csh/dol.c index 00567ea7c39..9e215b220c6 100644 --- a/bin/csh/dol.c +++ b/bin/csh/dol.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dol.c,v 1.10 2002/06/09 05:47:27 todd Exp $ */ +/* $OpenBSD: dol.c,v 1.11 2003/01/08 06:54:16 deraadt Exp $ */ /* $NetBSD: dol.c,v 1.8 1995/09/27 00:38:38 jtc Exp $ */ /*- @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)dol.c 8.1 (Berkeley) 5/31/93"; #else -static char rcsid[] = "$OpenBSD: dol.c,v 1.10 2002/06/09 05:47:27 todd Exp $"; +static char rcsid[] = "$OpenBSD: dol.c,v 1.11 2003/01/08 06:54:16 deraadt Exp $"; #endif #endif /* not lint */ @@ -470,7 +470,7 @@ Dgetdol() break; case '*': - (void) Strcpy(name, STRargv); + (void) Strlcpy(name, STRargv, sizeof name/sizeof(Char)); vp = adrof(STRargv); subscr = -1; /* Prevent eating [...] */ break; @@ -729,12 +729,12 @@ setDolp(cp) do { dp = Strstr(cp, lhsub); if (dp) { - np = (Char *) xmalloc((size_t) - ((Strlen(cp) + 1 - lhlen + rhlen) * - sizeof(Char))); - (void) Strncpy(np, cp, dp - cp); - (void) Strcpy(np + (dp - cp), rhsub); - (void) Strcpy(np + (dp - cp) + rhlen, dp + lhlen); + size_t len = Strlen(cp) + 1 - lhlen + rhlen; + + np = (Char *) xmalloc(len * sizeof(Char)); + (void) Strlcpy(np, cp, len); + (void) Strlcat(np, rhsub, len); + (void) Strlcat(np, dp + lhlen, len); xfree((ptr_t) cp); dp = cp = np; |