diff options
author | dholland <dholland@NetBSD.org> | 2009-06-29 23:05:33 +0000 |
---|---|---|
committer | dholland <dholland@NetBSD.org> | 2009-06-29 23:05:33 +0000 |
commit | d00a8d1e94456d45abbb7c94cd846661735277ab (patch) | |
tree | 5329ba2218576dbc5e41ed33677391627f69a23a /hack/hack.main.c | |
parent | fe1c4f849dd6242072352483d84870c6fcc974a7 (diff) | |
download | bsdgames-darwin-d00a8d1e94456d45abbb7c94cd846661735277ab.tar.gz bsdgames-darwin-d00a8d1e94456d45abbb7c94cd846661735277ab.tar.zst bsdgames-darwin-d00a8d1e94456d45abbb7c94cd846661735277ab.zip |
Fix two serious string-handling bugs (one exploitable, one probably
exploitable) and also add proper checking/paranoia in several other
places.
Diffstat (limited to 'hack/hack.main.c')
-rw-r--r-- | hack/hack.main.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/hack/hack.main.c b/hack/hack.main.c index 28eec738..05bd88f9 100644 --- a/hack/hack.main.c +++ b/hack/hack.main.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.main.c,v 1.12 2009/06/07 20:13:18 dholland Exp $ */ +/* $NetBSD: hack.main.c,v 1.13 2009/06/29 23:05:33 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include <sys/cdefs.h> #ifndef lint -__RCSID("$NetBSD: hack.main.c,v 1.12 2009/06/07 20:13:18 dholland Exp $"); +__RCSID("$NetBSD: hack.main.c,v 1.13 2009/06/29 23:05:33 dholland Exp $"); #endif /* not lint */ #include <signal.h> @@ -300,7 +300,8 @@ main(int argc, char *argv[]) } *gp = 0; } else - (void) strcpy(genocided, sfoo); + (void) strlcpy(genocided, sfoo, + sizeof(genocided)); (void) strcpy(fut_geno, genocided); } } @@ -478,12 +479,12 @@ void glo(int foo) { /* construct the string xlock.n */ - char *tf; + size_t pos; - tf = lock; - while (*tf && *tf != '.') - tf++; - (void) sprintf(tf, ".%d", foo); + pos = 0; + while (lock[pos] && lock[pos] != '.') + pos++; + (void) snprintf(lock + pos, sizeof(lock) - pos, ".%d", foo); } /* |