Committed!
Scott
Christer Öberg wrote:
> There are some overflows in libatm, see attached diffs.
>
>
>
> ------------------------------------------------------------------------
>
> --- lib/libatm/ioctl_subr.c 2004-09-23 22:46:46.000000000 +0200
> +++ lib/libatm/ioctl_subr.new 2004-09-23 22:42:25.000000000 +0200
> @@ -164,7 +164,7 @@
> air.air_opcode = AIOCS_INF_VCC;
> UM_ZERO(air.air_vcc_intf, sizeof(air.air_vcc_intf));
> if (intf != NULL && strlen(intf) != 0)
> - strcpy(air.air_vcc_intf, intf);
> + strlcpy(air.air_vcc_intf, intf, IFNAMSIZ);
>
> buf_len = do_info_ioctl(&air, buf_len);
>
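Review bot: The strlcpy bound is `IFNAMSIZ`, while the UM_ZERO call two lines above sizes the same field with `sizeof(air.air_vcc_intf)`, so the copy bound and the buffer only agree as long as the field is declared with exactly that length. Writing `strlcpy(air.air_vcc_intf, intf, sizeof(air.air_vcc_intf));` ties the bound to the destination. The return value is also discarded, so an over-long interface name is truncated silently and the ioctl is then issued for the shortened name; comparing the result with the destination size and failing the call would avoid acting on a name the caller did not supply. The same two points apply to the strlcpy calls in the hunks at -384, -422 and -461. The enclosing functions start and end outside these hunks, so their error convention is not visible here.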
> @@ -384,7 +384,7 @@
> air.air_opcode = AIOCS_INF_CFG;
> UM_ZERO ( air.air_cfg_intf, sizeof(air.air_cfg_intf));
> if ( intf != NULL && strlen(intf) != 0 )
> - strcpy ( air.air_cfg_intf, intf );
> + strlcpy ( air.air_cfg_intf, intf, IFNAMSIZ );
>
> buf_len = do_info_ioctl ( &air, buf_len );
>
> @@ -422,7 +422,7 @@
> air.air_opcode = AIOCS_INF_INT;
> UM_ZERO ( air.air_int_intf, sizeof(air.air_int_intf));
> if ( intf != NULL && strlen(intf) != 0 )
> - strcpy ( air.air_int_intf, intf );
> + strlcpy ( air.air_int_intf, intf, IFNAMSIZ );
>
> buf_len = do_info_ioctl ( &air, buf_len );
>
> @@ -461,7 +461,7 @@
> air.air_opcode = AIOCS_INF_NIF;
> UM_ZERO ( air.air_int_intf, sizeof(air.air_int_intf) );
> if ( intf != NULL && strlen(intf) != 0 )
> - strcpy ( air.air_int_intf, intf );
> + strlcpy ( air.air_int_intf, intf, IFNAMSIZ );
>
> buf_len = do_info_ioctl ( &air, buf_len );
>
>
>
> ------------------------------------------------------------------------
>
> --- lib/libatm/ip_addr.c 2004-09-23 22:46:40.000000000 +0200
> +++ lib/libatm/ip_addr.new 2004-09-23 22:42:50.000000000 +0200
> @@ -122,7 +122,7 @@
> format_ip_addr(addr)
> struct in_addr *addr;
> {
> - static char host_name[128];
> + static char host_name[MAXHOSTNAMELEN + 18];
> char *ip_num;
> struct hostent *ip_host;
>
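Review bot: The `+ 18` in `host_name[MAXHOSTNAMELEN + 18]` is an unexplained constant; it appears to budget for `" ("`, a 15-character dotted-decimal address and `")"`, but a reader has to reconstruct that from the format string in a later hunk. A comment on the declaration such as `/* host name + " (" + dotted quad (max 15) + ")" */` would document it. Because the buffer is static, the returned pointer is overwritten by the next call; that belongs in the function's header comment, which lies outside this hunk.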
> @@ -152,11 +152,9 @@
> /*
> * Return host name followed by dotted decimal address
> */
> - strcpy(host_name, ip_host->h_name);
> - strcat(host_name, " (");
> - strcat(host_name, ip_num);
> - strcat(host_name, ")");
> - return(host_name);
> + snprintf(host_name, sizeof(host_name), "%s (%s)",
> + ip_host->h_name, ip_num);
> + return (host_name);
> } else {
> /*
> * No host name -- just return dotted decimal address
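Review bot: The snprintf return value is ignored, so an `h_name` that does not fit is cut silently and the result loses part or all of the ` (address)` suffix. `ip_host` is presumably filled by a resolver lookup outside this hunk, so the name's length is not under the caller's control, and the numeric address is the more trustworthy half of the output. Consider checking the result, e.g. `if (snprintf(host_name, sizeof(host_name), "%s (%s)", ip_host->h_name, ip_num) >= (int)sizeof(host_name)) return (ip_num);`, so truncation falls back to the dotted-decimal form. The function body begins before and continues after this hunk.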