author | Joris Vink <joris@cvs.openbsd.org> | 2006-04-02 02:01:41 +0000 |
---|---|---|
committer | Joris Vink <joris@cvs.openbsd.org> | 2006-04-02 02:01:41 +0000 |
commit | ba47cc3603fd9b578c7c18db6c41a60dd45e8669 (patch) | |
tree | aa3289d9edea08b26ee37cb4c38000299f2ec248 /usr.bin | |
parent | 8e84cd1748016ef87149449f494d94be8fc0d394 (diff) |
be more alert for string truncation in cvs_initlog()
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/cvs/proto.c | 41 |
1 files changed, 29 insertions, 12 deletions
diff --git a/usr.bin/cvs/proto.c b/usr.bin/cvs/proto.c index 9c2da6974d2..f7cab44192e 100644 --- a/usr.bin/cvs/proto.c +++ b/usr.bin/cvs/proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: proto.c,v 1.92 2006/04/01 01:20:21 joris Exp $ */ +/* $OpenBSD: proto.c,v 1.93 2006/04/02 02:01:40 joris Exp $ */ /* * Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org> * All rights reserved. @@ -938,8 +938,12 @@ cvs_initlog(void) if ((s = strchr(envdup, '%')) != NULL) *s = '\0'; - strlcpy(buf, env, sizeof(buf)); - strlcpy(rpath, envdup, sizeof(rpath)); + if (strlcpy(buf, env, sizeof(buf)) >= sizeof(buf)) + fatal("string truncation in cvs_initlog"); + + if (strlcpy(rpath, envdup, sizeof(rpath)) >= sizeof(rpath)) + fatal("string truncation in cvs_initlog"); + xfree(envdup); s = buf; @@ -947,20 +951,27 @@ cvs_initlog(void) s++; switch (*s) { case 'c': - strlcpy(fpath, cvs_command, sizeof(fpath)); + if (strlcpy(fpath, cvs_command, sizeof(fpath)) >= + sizeof(fpath)) + fatal("string truncation in cvs_initlog"); break; case 'd': time(&now); - strlcpy(fpath, ctime(&now), sizeof(fpath)); + if (strlcpy(fpath, ctime(&now), sizeof(fpath)) >= + sizeof(fpath)) + fatal("string truncation in cvs_initlog"); break; case 'p': snprintf(fpath, sizeof(fpath), "%d", getpid()); break; case 'u': - if ((pwd = getpwuid(getuid())) != NULL) - strlcpy(fpath, pwd->pw_name, sizeof(fpath)); - else + if ((pwd = getpwuid(getuid())) != NULL) { + if (strlcpy(fpath, pwd->pw_name, + sizeof(fpath)) >= sizeof(fpath)) + fatal("truncation in cvs_initlog"); + } else { fpath[0] = '\0'; + } endpwent(); break; default: @@ -969,8 +980,12 @@ cvs_initlog(void) } if (fpath[0] != '\0') { - strlcat(rpath, "-", sizeof(rpath)); - strlcat(rpath, fpath, sizeof(rpath)); + if (strlcat(rpath, "-", sizeof(rpath)) >= sizeof(rpath)) + fatal("string truncation cvs_initlog"); + + if (strlcat(rpath, fpath, sizeof(rpath)) + >= sizeof(rpath)) + fatal("string truncation in cvs_initlog"); } } 
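Review bot: The two checks added in the `@@ -938,8 +938,12` hunk call `fatal("string truncation in cvs_initlog")` with identical text for `buf` and for `rpath`, so an abort does not say which copy overflowed. The next hunk drifts further, with `"truncation in cvs_initlog"` in `case 'u'` and `"string truncation cvs_initlog"` on the `strlcat()` of `"-"`. Naming the destination in each message would make the failure actionable and keep the strings greppable, e.g. `fatal("cvs_initlog: truncation copying to rpath");`. The assignments of `env` and `envdup` are outside the hunk; if they hold an environment-supplied value, as the names suggest, aborting is the right behaviour to keep, since a silently shortened path would name a different file. The body of cvs_initlog starts and ends outside this hunk.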
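Review bot: In `case 'd'` of the `@@ -947,20 +951,27` hunk, the result of `ctime(&now)` goes straight into `strlcpy()`, but ctime() can return NULL on failure, and on success its string contains spaces, colons and a trailing newline that reach `rpath` through the `strlcat()` at the end of the hunk. If `rpath` is later used as the log file name (that use is not visible here), a fixed filename-safe format would be more robust: `struct tm *tm = localtime(&now);` followed by `if (tm == NULL || strftime(fpath, sizeof(fpath), "%Y%m%d%H%M%S", tm) == 0) fatal("cvs_initlog: cannot format date");`. The `snprintf()` in `case 'p'` is now the only write to `fpath` whose return value is not checked; a pid is unlikely to overflow the buffer, but checking it would keep the switch consistent. The switch and its enclosing loop begin and end outside the hunk.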
@@ -983,7 +998,8 @@ cvs_initlog(void) continue; if (errno != ENOENT) - fatal("cvs_initlog() stat failed '%s'", strerror(errno)); + fatal("cvs_initlog() stat failed '%s'", + strerror(errno)); break; } @@ -1001,7 +1017,8 @@ cvs_initlog(void) continue; if (errno != ENOENT) - fatal("cvs_initlog() stat failed '%s'", strerror(errno)); + fatal("cvs_initlog() stat failed '%s'", + strerror(errno)); break; } |