From 0d5fa63d481044587e4dec7907c85afc2adc6d2a Mon Sep 17 00:00:00 2001 From: reed Date: Wed, 22 Nov 2006 16:15:42 +0000 Subject: Check that -w width is not above maximum. (It already checks for zero or negative.) Using width above DWIDTH may cause overflow as noted by Gruzicki Wlodek on bugtraq. While here replace one use of 132 with DWIDTH. --- banner/banner.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'banner') diff --git a/banner/banner.c b/banner/banner.c index 74a9db31..7fed9a68 100644 --- a/banner/banner.c +++ b/banner/banner.c @@ -1,4 +1,4 @@ -/* $NetBSD: banner.c,v 1.15 2005/07/01 01:13:05 jmc Exp $ */ +/* $NetBSD: banner.c,v 1.16 2006/11/22 16:15:42 reed Exp $ */ /* * Copyright (c) 1980, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993, 1994\n\ #if 0 static char sccsid[] = "@(#)banner.c 8.4 (Berkeley) 4/29/95"; #else -__RCSID("$NetBSD: banner.c,v 1.15 2005/07/01 01:13:05 jmc Exp $"); +__RCSID("$NetBSD: banner.c,v 1.16 2006/11/22 16:15:42 reed Exp $"); #endif #endif /* not lint */ @@ -1046,7 +1046,7 @@ main(int argc, char *argv[]) break; case 'w': width = atoi(optarg); - if (width <= 0) + if (width <= 0 || width > DWIDTH) errx(1, "illegal argument for -w option"); break; case '?': @@ -1058,7 +1058,7 @@ main(int argc, char *argv[]) argv += optind; for (i = 0; i < width; i++) { - j = i * 132 / width; + j = i * DWIDTH / width; print[j] = 1; } -- cgit v1.2.3-56-ge451