jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-12-04 05:58:57 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix a number of buffer overflow conditions.

Browse Source 
PR:		bin/4610
Submitted by:	David Holland (dholland@burgundy.eecs.harvard.edu)
This commit is contained in:
Joerg Wunsch 1997-10-19 10:42:39 +00:00
parent 59dcbbb234
commit e91727715c
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=30570
1 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
usr.sbin/bootparamd/bootparamd/bootparamd.c
View File

@ -9,7 +9,7 @@ use and modify. Please send modifications and/or suggestions + bug fixes to
#ifndef lint
static const char rcsid[] =
"$Id$";
"$Id: bootparamd.c,v 1.7 1997/09/04 11:49:24 charnier Exp $";
#endif /* not lint */
#include <rpc/rpc.h>
@ -39,7 +39,7 @@ static char path[MAX_PATH_LEN];
static char domain_name[MAX_MACHINE_NAME];
int getthefile __P((char *, char *, char *));
int checkhost __P((char *, char *));
int checkhost __P((char *, char *, int));
bp_whoami_res *
bootparamproc_whoami_1(whoami)
@ -68,8 +68,10 @@ bp_whoami_arg *whoami;
if (debug) warnx("this is host %s", he->h_name);
if (dolog) syslog(LOG_NOTICE,"This is host %s\n", he->h_name);
strcpy(askname, he->h_name);
if (checkhost(askname, hostname) ) {
strncpy(askname, he->h_name, sizeof(askname));
askname[sizeof(askname)-1] = 0;
if (checkhost(askname, hostname, sizeof hostname) ) {
res.client_name = hostname;
getdomainname(domain_name, MAX_MACHINE_NAME);
res.domain_name = domain_name;
@ -123,7 +125,9 @@ bp_getfile_arg *getfile;
he = gethostbyname(getfile->client_name);
if (! he ) goto failed;
strcpy(askname,he->h_name);
strncpy(askname, he->h_name, sizeof(askname));
askname[sizeof(askname)-1] = 0;
if (getthefile(askname, getfile->file_id,buffer)) {
if ( (where = index(buffer,':')) ) {
/* buffer is re-written to contain the name of the info of file */
@ -194,7 +198,8 @@ char *fileid, *buffer;
if ( ! bpf )
errx(1, "no %s", bootpfile);
while ( fscanf(bpf, "%s", hostname) > 0 && !match ) {
/* XXX see comment below */
while ( fscanf(bpf, "%255s", hostname) > 0 && !match ) {
if ( *hostname != '#' ) { /* comment */
if ( ! strcmp(hostname, askname) ) {
match = 1;
@ -269,9 +274,10 @@ char *fileid, *buffer;
name for a host in the database */
int
checkhost(askname, hostname)
checkhost(askname, hostname, len)
char *askname;
char *hostname;
int len;
{
int ch, pch;
FILE *bpf;
@ -286,7 +292,9 @@ char *hostname;
if ( ! bpf )
errx(1, "no %s", bootpfile);
while ( fscanf(bpf, "%s", hostname) > 0 ) {
/* XXX there is no way in ISO C to specify the maximal length for a
conversion in a variable way */
while ( fscanf(bpf, "%254s", hostname) > 0 ) {
if ( *hostname != '#' ) { /* comment */
if ( ! strcmp(hostname, askname) ) {
/* return true for match of hostname */
@ -314,7 +322,7 @@ char *hostname;
he = gethostbyname(askname);
if (he && !strcmp(askname, he->h_name)) {
res = 1;
sprintf(hostname,"%s", he->h_name);
snprintf(hostname, len, "%s", he->h_name);
}
}
if (fclose(bpf))