From d00a8d1e94456d45abbb7c94cd846661735277ab Mon Sep 17 00:00:00 2001
From: dholland
Date: Mon, 29 Jun 2009 23:05:33 +0000
Subject: Fix two serious string-handling bugs (one exploitable, one probably exploitable) and also add proper checking/paranoia in several other places.
---
 hack/hack.unix.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'hack/hack.unix.c')
diff --git a/hack/hack.unix.c b/hack/hack.unix.c
index 11cd9392..708e9f79 100644
--- a/hack/hack.unix.c
+++ b/hack/hack.unix.c
@@ -1,4 +1,4 @@
-/* $NetBSD: hack.unix.c,v 1.12 2009/06/07 20:13:18 dholland Exp $ */
+/* $NetBSD: hack.unix.c,v 1.13 2009/06/29 23:05:33 dholland Exp $ */
 
 /*
 * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -63,7 +63,7 @@
 #include
 
 #ifndef lint
-__RCSID("$NetBSD: hack.unix.c,v 1.12 2009/06/07 20:13:18 dholland Exp $");
+__RCSID("$NetBSD: hack.unix.c,v 1.13 2009/06/29 23:05:33 dholland Exp $");
 #endif /* not lint */
 
 /* This file collects some Unix dependencies; hack.pager.c contains some more */
@@ -192,11 +192,11 @@ gethdate(char *name)
 if ((np = strchr(path, ':')) == NULL)
 np = path + strlen(path); /* point to end str */
 if (np - path <= 1) /* %% */
- (void) strcpy(filename, name);
+ (void) strlcpy(filename, name, sizeof(filename));
 else {
- (void) strncpy(filename, path, np - path);
- filename[np - path] = '/';
- (void) strcpy(filename + (np - path) + 1, name);
+ (void) snprintf(filename, sizeof(filename),
+ "%.*s/%s",
+ (int)(np - path), path, name);
 }
 if (stat(filename, &hbuf) == 0)
 return;
--
cgit v1.2.3-56-ge451
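Review bot: Both new bounded copies in the gethdate hunk discard their return value with `(void)`, so a `name` or path element that does not fit in `filename` is silently truncated and the following `stat(filename, &hbuf)` runs on a shortened path, which may name a different file than the one intended. Treat truncation as a miss instead of stat-ing the result: test `strlcpy(filename, name, sizeof(filename)) >= sizeof(filename)` in the first branch, and in the `else` branch keep the `snprintf` result in an `int n` and test `n < 0 || (size_t)n >= sizeof(filename)`. The `(int)(np - path)` precision is safe only because `np >= path` always holds at that point, and a short comment saying so would help the next reader. gethdate's body starts and ends outside the hunk, so whether a miss should skip to the next path element or report an error has to follow the surrounding code.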