From 5f3b4d6fe4734e4ef1746a0c5d305370d3d29487 Mon Sep 17 00:00:00 2001 From: Vincent Labrecque Date: Fri, 21 Jun 2002 05:37:21 +0000 Subject: fix bad usage of strlcpy()'s return value. (made pointers point beyond the boundaries of buffers) ok deraadt@ --- usr.bin/mg/extend.c | 9 ++++++--- usr.bin/mg/fileio.c | 23 +++++++++++++++++------ usr.bin/mg/help.c | 9 ++++++--- 3 files changed, 29 insertions(+), 12 deletions(-) (limited to 'usr.bin') diff --git a/usr.bin/mg/extend.c b/usr.bin/mg/extend.c index da4a51c56e9..b7841d0faa5 100644 --- a/usr.bin/mg/extend.c +++ b/usr.bin/mg/extend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: extend.c,v 1.25 2002/05/29 12:28:45 vincent Exp $ */ +/* $OpenBSD: extend.c,v 1.26 2002/06/21 05:37:20 vincent Exp $ */ /* * Extended (M-X) commands, rebinding, and startup file processing. @@ -319,7 +319,7 @@ dobind(KEYMAP *curmap, const char *p, int unbind) PF funct; char prompt[80]; char *pep; - int c, s; + int c, s, n; #ifndef NO_MACRO if (macrodef) { @@ -345,7 +345,10 @@ dobind(KEYMAP *curmap, const char *p, int unbind) } else { #endif /* !NO_STARTUP */ #endif /* !NO_MACRO */ - pep = prompt + strlcpy(prompt, p, sizeof(prompt)); + n = strlcpy(prompt, p, sizeof prompt); + if (n >= sizeof prompt) + n = sizeof prompt - 1; + pep = prompt + n; for (;;) { ewprintf("%s", prompt); pep[-1] = ' '; diff --git a/usr.bin/mg/fileio.c b/usr.bin/mg/fileio.c index ab57e4db708..1cc5bc40c63 100644 --- a/usr.bin/mg/fileio.c +++ b/usr.bin/mg/fileio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fileio.c,v 1.30 2002/04/22 05:27:39 vincent Exp $ */ +/* $OpenBSD: fileio.c,v 1.31 2002/06/21 05:37:20 vincent Exp $ */ /* * POSIX fileio.c @@ -238,6 +238,7 @@ adjustname(const char *fn) int i, j; char linkbuf[NFILEN]; #endif + int n; switch (*fn) { case '/': @@ -247,8 +248,12 @@ adjustname(const char *fn) case '~': fn++; cp = getenv("HOME"); - if (cp != NULL && *cp != '\0' && (*fn == '/' || *fn == '\0')) { - cp = fnb + strlcpy(fnb, cp, sizeof(fnb)); + if (cp != NULL && *cp != '\0' && + (*fn == '/' || *fn == '\0')) { + n = strlcpy(fnb, cp, sizeof fnb); + if (n >= sizeof fnb) + n = sizeof fnb - 1; + cp = fnb + n; if (*fn) fn++; break; @@ -258,7 +263,10 @@ adjustname(const char *fn) *cp++ = *fn++; *cp = '\0'; if ((pwent = getpwnam(fnb)) != NULL) { - cp = fnb + strlcpy(fnb, pwent->pw_dir, sizeof(fnb)); + n = strlcpy(fnb, pwent->pw_dir, sizeof fnb); + if (n >= sizeof fnb) + n = sizeof fnb - 1; + cp = fnb + n; break; } else { fn -= strlen(fnb) + 1; @@ -267,7 +275,10 @@ adjustname(const char *fn) } default: #ifndef NODIR - cp = fnb + strlcpy(fnb, wdir, sizeof(fnb)); + n = strlcpy(fnb, wdir, sizeof fnb); + if (n >= sizeof fnb) + n = sizeof fnb - 1; + cp = fnb + n; break; #else return fn; /* punt */ @@ -504,7 +515,7 @@ d_makename(LINE *lp, char *fn, int len) { int i; char *p, *np; - + strlcpy(fn, curbp->b_fname, len); p = lp->l_text; for (i = 0; i < NAME_FIELD; i++) { diff --git a/usr.bin/mg/help.c b/usr.bin/mg/help.c index 8b9e00c3c04..f16bc79441d 100644 --- a/usr.bin/mg/help.c +++ b/usr.bin/mg/help.c @@ -1,4 +1,4 @@ -/* $OpenBSD: help.c,v 1.17 2002/03/16 19:30:29 vincent Exp $ */ +/* $OpenBSD: help.c,v 1.18 2002/06/21 05:37:20 vincent Exp $ */ /* * Help functions for Mg 2 @@ -28,7 +28,7 @@ desckey(f, n) { KEYMAP *curmap; PF funct; - int c, m, i; + int c, m, i, num; char *pep; char prompt[80]; @@ -36,7 +36,10 @@ desckey(f, n) if (inmacro) return TRUE; /* ignore inside keyboard macro */ #endif /* !NO_MACRO */ - pep = prompt + strlcpy(prompt, "Describe key briefly: ", sizeof(prompt)); + num = strlcpy(prompt, "Describe key briefly: ", sizeof(prompt)); + if (num >= sizeof prompt) + num = sizeof prompt - 1; + pep = prompt + num; key.k_count = 0; m = curbp->b_nmodes; curmap = curbp->b_modes[m]->p_map; -- cgit v1.2.3