diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-06 23:01:44 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-06 23:01:44 +0000 |
| commit | ef5f615b736dd4e81f3c6bbfd3ba46de923a4c86 (patch) | |
| tree | b6926feefdee08e31bea43dce6a060204027e8cd /usr.bin | |
| parent | ff83c060f479f4de985b5dbe80c5c6c633cba2f7 (diff) | |
obvious tame "stdio". For those not keeping score, this is another
program which has had string mismanagement bugs before, probably
of the exploitable fashion.. if used in the wrong kind of script..
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/printf/printf.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.bin/printf/printf.c b/usr.bin/printf/printf.c index 289177c3bf8..f7883ea969d 100644 --- a/usr.bin/printf/printf.c +++ b/usr.bin/printf/printf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printf.c,v 1.22 2014/05/25 07:36:36 jmc Exp $ */ +/* $OpenBSD: printf.c,v 1.23 2015/10/06 23:01:43 deraadt Exp $ */ /* * Copyright (c) 1989 The Regents of the University of California. @@ -32,6 +32,7 @@ #include <ctype.h> #include <stdio.h> #include <stdlib.h> +#include <unistd.h> #include <string.h> #include <limits.h> #include <locale.h> @@ -81,6 +82,9 @@ main(int argc, char *argv[]) setlocale (LC_ALL, ""); + if (tame("stdio", NULL) == -1) + err(1, "tame"); + /* Need to accept/ignore "--" option. */ if (argc > 1 && strcmp(argv[1], "--") == 0) { argc--; |