diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-08-30 03:39:22 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-08-30 03:39:22 +0000 |
| commit | a528a24d4ebd9f36f20df113dfc94b37b2a37b72 (patch) | |
| tree | 34ad7595e7011113250da31f7e83a325dfe2eff0 /usr.sbin/named/nslookup | |
| parent | e0f0fc164b9c4554dbca60b9c1df8c30d35598d7 (diff) | |
buckets of scanf overflows
Diffstat (limited to 'usr.sbin/named/nslookup')
| -rw-r--r-- | usr.sbin/named/nslookup/list.c | 22 | ||||
| -rw-r--r-- | usr.sbin/named/nslookup/main.c | 36 | ||||
| -rw-r--r-- | usr.sbin/named/nslookup/subr.c | 11 |
3 files changed, 48 insertions, 21 deletions
diff --git a/usr.sbin/named/nslookup/list.c b/usr.sbin/named/nslookup/list.c index cf26720f5b1..701a78810a6 100644 --- a/usr.sbin/named/nslookup/list.c +++ b/usr.sbin/named/nslookup/list.c @@ -1,4 +1,4 @@ -/* $OpenBSD: list.c,v 1.2 1997/03/12 10:42:47 downsj Exp $ */ +/* $OpenBSD: list.c,v 1.3 1998/08/30 03:39:19 deraadt Exp $ */ /* * ++Copyright++ 1985, 1989 @@ -60,7 +60,7 @@ static char sccsid[] = "@(#)list.c 5.23 (Berkeley) 3/21/91"; static char rcsid[] = "$From: list.c,v 8.9 1996/11/26 10:11:26 vixie Exp $"; #else -static char rcsid[] = "$OpenBSD: list.c,v 1.2 1997/03/12 10:42:47 downsj Exp $"; +static char rcsid[] = "$OpenBSD: list.c,v 1.3 1998/08/30 03:39:19 deraadt Exp $"; #endif #endif /* not lint */ @@ -156,13 +156,16 @@ ListHostsByType(string, putToFile) char *namePtr; char name[NAME_LEN]; char option[NAME_LEN]; + char get[80]; /* * Parse the command line. It maybe of the form "ls -t domain" * or "ls -t type domain". */ - i = sscanf(string, " ls -t %s %s", option, name); + snprintf(get, sizeof get, " ls -t %%%ds %%%ds", sizeof option-1, + sizeof name-1); + i = sscanf(string, get, option, name); if (putToFile && i == 2 && name[0] == '>') { i--; } @@ -193,12 +196,15 @@ ListHosts(string, putToFile) char *namePtr; char name[NAME_LEN]; char option[NAME_LEN]; + char get[80]; /* * Parse the command line. It maybe of the form "ls domain", * "ls -X domain". */ - i = sscanf(string, " ls %s %s", option, name); + snprintf(get, sizeof get, " ls -t %%%ds %%%ds", sizeof option-1, + sizeof name-1); + i = sscanf(string, get, option, name); if (putToFile && i == 2 && name[0] == '>') { i--; } @@ -901,8 +907,10 @@ ViewList(string) { char file[PATH_MAX]; char command[PATH_MAX]; + char get[80]; - sscanf(string, " view %s", file); + snprintf(get, sizeof get, " view %%%ds", sizeof file-1); + sscanf(string, get, file); (void)sprintf(command, "grep \"^ \" %s | sort | %s", file, pager); system(command); } @@ -936,6 +944,7 @@ Finger(string, putToFile) register int lastc; char name[NAME_LEN]; char file[NAME_LEN]; + char get[80]; /* * We need a valid current host info to get an inet address. @@ -945,7 +954,8 @@ Finger(string, putToFile) return (ERROR); } - if (sscanf(string, " finger %s", name) == 1) { + snprintf(get, sizeof get, " finger %%%ds", sizeof name-1); + if (sscanf(string, get, name) == 1) { if (putToFile && (name[0] == '>')) { name[0] = '\0'; } diff --git a/usr.sbin/named/nslookup/main.c b/usr.sbin/named/nslookup/main.c index 1279f22a028..53eee46de5b 100644 --- a/usr.sbin/named/nslookup/main.c +++ b/usr.sbin/named/nslookup/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.3 1997/03/12 10:42:48 downsj Exp $ */ +/* $OpenBSD: main.c,v 1.4 1998/08/30 03:39:20 deraadt Exp $ */ /* * ++Copyright++ 1985, 1989 @@ -66,7 +66,7 @@ char copyright[] = static char sccsid[] = "@(#)main.c 5.42 (Berkeley) 3/3/91"; static char rcsid[] = "$From: main.c,v 8.4 1996/11/11 06:36:54 vixie Exp $"; #else -static char rcsid[] = "$OpenBSD: main.c,v 1.3 1997/03/12 10:42:48 downsj Exp $"; +static char rcsid[] = "$OpenBSD: main.c,v 1.4 1998/08/30 03:39:20 deraadt Exp $"; #endif #endif /* not lint */ @@ -465,6 +465,7 @@ SetDefaultServer(string, local) struct in_addr *servAddrPtr; struct in_addr addr; char newServer[NAME_LEN]; + char get[40]; int result; int i; @@ -474,12 +475,15 @@ SetDefaultServer(string, local) */ if (local) { - i = sscanf(string, " lserver %s", newServer); + snprintf(get, sizeof get, "lserver %%%ds", sizeof newServer-1); + i = sscanf(string, get, newServer); } else { - i = sscanf(string, " server %s", newServer); + snprintf(get, sizeof get, "server %%%ds", sizeof newServer-1); + i = sscanf(string, get, newServer); } if (i != 1) { - i = sscanf(string, " %s", newServer); + snprintf(get, sizeof get, " %%%ds", sizeof newServer-1); + i = sscanf(string, get, newServer); if (i != 1) { fprintf(stderr,"SetDefaultServer: invalid name: %s\n", string); return(ERROR); @@ -669,6 +673,7 @@ LookupHost(string, putToFile) { char host[NAME_LEN]; char file[PATH_MAX]; + char get[20]; int result; /* @@ -684,7 +689,8 @@ LookupHost(string, putToFile) * */ - sscanf(string, " %s", host); /* removes white space */ + snprintf(get, sizeof get, " %%%ds", sizeof host-1); + sscanf(string, get, host); /* removes white space */ if (!putToFile) { filePtr = stdout; } else { @@ -740,12 +746,15 @@ LookupHostWithServer(string, putToFile) char file[PATH_MAX]; char host[NAME_LEN]; char server[NAME_LEN]; + char get[80]; int result; + static HostInfo serverInfo; curHostValid = FALSE; - sscanf(string, " %s %s", host, server); + snprintf(get, sizeof get, " %%%ds %%%ds", sizeof host-1, sizeof server-1); + sscanf(string, get, host, server); if (!putToFile) { filePtr = stdout; } else { @@ -824,6 +833,7 @@ SetOption(option) register char *option; { char type[NAME_LEN]; + char get[40]; char *ptr; int tmp; @@ -854,7 +864,8 @@ SetOption(option) } else if (strncmp(option, "do", 2) == 0) { /* domain */ ptr = strchr(option, '='); if (ptr != NULL) { - sscanf(++ptr, "%s", _res.defdname); + snprintf(get, sizeof get, "%%%ds", sizeof _res.defdname-1); + sscanf(++ptr, get, _res.defdname); res_re_init(); } } else if (strncmp(option, "deb", 1) == 0) { /* debug */ @@ -880,13 +891,15 @@ SetOption(option) strncmp(option, "ty", 2) == 0) { /* type */ ptr = strchr(option, '='); if (ptr != NULL) { - sscanf(++ptr, "%s", type); + snprintf(get, sizeof get, "%%%ds", sizeof type-1); + sscanf(++ptr, get, type); queryType = StringToType(type, queryType, stderr); } } else if (strncmp(option, "cl", 2) == 0) { /* query class */ ptr = strchr(option, '='); if (ptr != NULL) { - sscanf(++ptr, "%s", type); + snprintf(get, sizeof get, "%%%ds", sizeof type-1); + sscanf(++ptr, get, type); queryClass = StringToClass(type, queryClass, stderr); } } else if (strncmp(option, "rec", 3) == 0) { /* recurse */ @@ -904,7 +917,8 @@ SetOption(option) } else if (strncmp(option, "ro", 2) == 0) { /* root */ ptr = strchr(option, '='); if (ptr != NULL) { - sscanf(++ptr, "%s", rootServerName); + snprintf(get, sizeof get, "%%%ds", sizeof rootServerName-1); + sscanf(++ptr, get, rootServerName); } } else if (strncmp(option, "sea", 3) == 0) { /* search list */ _res.options |= RES_DNSRCH; diff --git a/usr.sbin/named/nslookup/subr.c b/usr.sbin/named/nslookup/subr.c index fd03f6e1857..57d20caa627 100644 --- a/usr.sbin/named/nslookup/subr.c +++ b/usr.sbin/named/nslookup/subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr.c,v 1.2 1997/03/12 10:42:51 downsj Exp $ */ +/* $OpenBSD: subr.c,v 1.3 1998/08/30 03:39:21 deraadt Exp $ */ /* * ++Copyright++ 1985, 1989 @@ -60,7 +60,7 @@ static char sccsid[] = "@(#)subr.c 5.24 (Berkeley) 3/2/91"; static char rcsid[] = "$From: subr.c,v 8.6 1996/08/08 06:54:51 vixie Exp $"; #else -static char rcsid[] = "$OpenBSD: subr.c,v 1.2 1997/03/12 10:42:51 downsj Exp $"; +static char rcsid[] = "$OpenBSD: subr.c,v 1.3 1998/08/30 03:39:21 deraadt Exp $"; #endif #endif /* not lint */ @@ -343,6 +343,7 @@ OpenFile(string, file) { char *redirect; FILE *tmpPtr; + char get[80]; /* * Open an output file if we see '>' or >>'. @@ -354,10 +355,12 @@ OpenFile(string, file) return(NULL); } if (redirect[1] == '>') { - sscanf(redirect, ">> %s", file); + snprintf(get, sizeof get, ">> %%%ds", sizeof file-1); + sscanf(redirect, get, file); tmpPtr = fopen(file, "a+"); } else { - sscanf(redirect, "> %s", file); + snprintf(get, sizeof get, "> %%%ds", sizeof file-1); + sscanf(redirect, get, file); tmpPtr = fopen(file, "w"); } |