diff options
| author | Thierry Deval <tdeval@cvs.openbsd.org> | 2003-05-14 21:13:44 +0000 |
|---|---|---|
| committer | Thierry Deval <tdeval@cvs.openbsd.org> | 2003-05-14 21:13:44 +0000 |
| commit | 95e99501a16684d35b5bf02b5c624b65ba5ec561 (patch) | |
| tree | 444b59b6b75cd1f864e8e6ede3adafe179424985 /sys/isofs/cd9660 | |
| parent | e469ab1e91029867b5504f2442f9c2eb9075ce3a (diff) | |
strcpy + size check
ok tedu@
Diffstat (limited to 'sys/isofs/cd9660')
| -rw-r--r-- | sys/isofs/cd9660/cd9660_rrip.c | 4 | ||||
| -rw-r--r-- | sys/isofs/cd9660/cd9660_vnops.c | 11 |
2 files changed, 9 insertions, 6 deletions
diff --git a/sys/isofs/cd9660/cd9660_rrip.c b/sys/isofs/cd9660/cd9660_rrip.c index db1f0e6e0d7..1d23c101112 100644 --- a/sys/isofs/cd9660/cd9660_rrip.c +++ b/sys/isofs/cd9660/cd9660_rrip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cd9660_rrip.c,v 1.6 2002/03/14 01:27:03 millert Exp $ */ +/* $OpenBSD: cd9660_rrip.c,v 1.7 2003/05/14 21:13:43 tdeval Exp $ */ /* $NetBSD: cd9660_rrip.c,v 1.17 1997/01/24 00:27:32 cgd Exp $ */ /*- @@ -298,7 +298,7 @@ cd9660_rrip_defname(v, ana) { struct iso_directory_record *isodir = v; - strcpy(ana->outbuf, ".."); + strlcpy(ana->outbuf, "..", ana->maxlen - *ana->outlen); switch (*isodir->name) { default: isofntrans(isodir->name, isonum_711(isodir->name_len), diff --git a/sys/isofs/cd9660/cd9660_vnops.c b/sys/isofs/cd9660/cd9660_vnops.c index c9d14853f51..beeac933245 100644 --- a/sys/isofs/cd9660/cd9660_vnops.c +++ b/sys/isofs/cd9660/cd9660_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cd9660_vnops.c,v 1.25 2003/05/07 23:01:24 deraadt Exp $ */ +/* $OpenBSD: cd9660_vnops.c,v 1.26 2003/05/14 21:13:43 tdeval Exp $ */ /* $NetBSD: cd9660_vnops.c,v 1.42 1997/10/16 23:56:57 christos Exp $ */ /*- @@ -788,7 +788,8 @@ cd9660_readlink(v) * Now get a buffer * Abuse a namei buffer for now. */ - if (uio->uio_segflg == UIO_SYSSPACE) + if (uio->uio_segflg == UIO_SYSSPACE && + uio->uio_iov->iov_len >= MAXPATHLEN) symname = uio->uio_iov->iov_base; else MALLOC(symname, char *, MAXPATHLEN, M_NAMEI, M_WAITOK); @@ -797,7 +798,8 @@ cd9660_readlink(v) * Ok, we just gathering a symbolic name in SL record. */ if (cd9660_rrip_getsymname(dirp, symname, &symlen, imp) == 0) { - if (uio->uio_segflg != UIO_SYSSPACE) + if (uio->uio_segflg != UIO_SYSSPACE || + uio->uio_iov->iov_len >= MAXPATHLEN) FREE(symname, M_NAMEI); brelse(bp); return (EINVAL); @@ -810,7 +812,8 @@ cd9660_readlink(v) /* * return with the symbolic name to caller's. */ - if (uio->uio_segflg != UIO_SYSSPACE) { + if (uio->uio_segflg != UIO_SYSSPACE || + uio->uio_iov->iov_len < MAXPATHLEN) { error = uiomove(symname, symlen, uio); FREE(symname, M_NAMEI); return (error); |