From 35f9239da17d9e247372b31eff7d50efb738dded Mon Sep 17 00:00:00 2001 From: nia Date: Wed, 29 Apr 2020 20:45:05 +0000 Subject: strfile: Check that input/output filenames don't exceed the buffer size --- fortune/strfile/strfile.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/fortune/strfile/strfile.c b/fortune/strfile/strfile.c index ae8f7b45..a0598505 100644 --- a/fortune/strfile/strfile.c +++ b/fortune/strfile/strfile.c @@ -1,4 +1,4 @@ -/* $NetBSD: strfile.c,v 1.38 2013/09/19 00:34:00 uwe Exp $ */ +/* $NetBSD: strfile.c,v 1.39 2020/04/29 20:45:05 nia Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -47,7 +47,7 @@ __COPYRIGHT("@(#) Copyright (c) 1989, 1993\ #if 0 static char sccsid[] = "@(#)strfile.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: strfile.c,v 1.38 2013/09/19 00:34:00 uwe Exp $"); +__RCSID("$NetBSD: strfile.c,v 1.39 2020/04/29 20:45:05 nia Exp $"); #endif #endif /* not lint */ #endif /* __NetBSD__ */ @@ -267,6 +267,7 @@ getargs(int argc, char **argv) int ch; extern int optind; extern char *optarg; + size_t len; while ((ch = getopt(argc, argv, "c:iorsx")) != -1) switch(ch) { @@ -300,14 +301,25 @@ getargs(int argc, char **argv) if (*argv) { Infile = *argv; - if (*++argv) - (void) strcpy(Outfile, *argv); + if (*++argv) { + len = strlen(*argv); + if (len >= sizeof(Outfile)) { + puts("Bad output filename"); + usage(); + } + (void) memcpy(Outfile, *argv, len + 1); + } } if (!Infile) { puts("No input file name"); usage(); } if (*Outfile == '\0') { + len = strlen(Infile) + sizeof(".dat"); + if (len > sizeof(Outfile)) { + puts("Bad input filename"); + usage(); + } (void) strcpy(Outfile, Infile); (void) strcat(Outfile, ".dat"); } -- cgit v1.2.3-56-ge451