From 16f93bdbf8cdb917f70f3596bb9a573c6a6cae69 Mon Sep 17 00:00:00 2001 From: Paul Janzen Date: Mon, 25 Jun 2001 04:08:36 +0000 Subject: A little more careful with buffers, only relevant if /etc/printcap was set up insanely wrong. --- usr.sbin/lpr/lpc/cmds.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'usr.sbin/lpr/lpc/cmds.c') diff --git a/usr.sbin/lpr/lpc/cmds.c b/usr.sbin/lpr/lpc/cmds.c index 8c04c7d4dcb..188afad532a 100644 --- a/usr.sbin/lpr/lpc/cmds.c +++ b/usr.sbin/lpr/lpc/cmds.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmds.c,v 1.11 2001/06/22 15:27:20 lebel Exp $ */ +/* $OpenBSD: cmds.c,v 1.12 2001/06/25 04:08:35 pjanzen Exp $ */ /* * Copyright (c) 1983, 1993 @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)cmds.c 8.2 (Berkeley) 4/28/95"; #else -static char rcsid[] = "$OpenBSD: cmds.c,v 1.11 2001/06/22 15:27:20 lebel Exp $"; +static char rcsid[] = "$OpenBSD: cmds.c,v 1.12 2001/06/25 04:08:35 pjanzen Exp $"; #endif #endif /* not lint */ @@ -324,6 +324,10 @@ cleanpr() for (lp = line, cp = SD; (lp - line) < sizeof(line) && (*lp++ = *cp++);) ; lp[-1] = '/'; + if (lp - line >= sizeof(line)) { + printf("\tspool directory name too long\n"); + return; + } seteuid(euid); nitems = scandir(SD, &queue, doselect, sortq); @@ -347,8 +351,11 @@ cleanpr() n++; } if (n == 0) { - strlcpy(lp, cp, sizeof(line) - strlen(line)); - unlinkf(line); + if (strlcpy(lp, cp, sizeof(line) - (lp - line)) >= + sizeof(line) - (lp - line)) + printf("\tpath too long, %s/%s", SD, cp); + else + unlinkf(line); } } else { /* @@ -356,8 +363,11 @@ cleanpr() * been skipped above) or a tf file (which can always * be removed). */ - strlcpy(lp, cp, sizeof(line) - strlen(line)); - unlinkf(line); + if (strlcpy(lp, cp, sizeof(line) - (lp - line)) >= + sizeof(line) - (lp - line)) + printf("\tpath too long, %s/%s", SD, cp); + else + unlinkf(line); } } while (++i < nitems); } -- cgit v1.2.3