avoid possible buffer overrun

2003-05-16 18:15:34 +00:00 · 2003-05-16 18:15:34 +00:00 · 272c80e349
parent 761f7bebc3
commit 272c80e349
5 changed files with 26 additions and 22 deletions
--- a/usr.sbin/pppd/chat/chat.c
+++ b/usr.sbin/pppd/chat/chat.c
@ -1,4 +1,4 @@
-/*	$NetBSD: chat.c,v 1.26 2002/12/06 15:17:18 thorpej Exp $	*/
+/*	$NetBSD: chat.c,v 1.27 2003/05/16 18:15:34 itojun Exp $	*/

 /*
 *	Chat -- a program for automatic session establishment (i.e. dial
@ -93,7 +93,7 @@
 #if 0
 static const char rcsid[] = "Id: chat.c,v 1.26 1999/12/23 01:39:54 paulus Exp ";
 #else
-__RCSID("$NetBSD: chat.c,v 1.26 2002/12/06 15:17:18 thorpej Exp $");
+__RCSID("$NetBSD: chat.c,v 1.27 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif

@ -988,11 +988,11 @@ int c;
    c &= 0x7F;

    if (c < 32)
-	sprintf(string, "%s^%c", meta, (int)c + '@');
+	snprintf(string, sizeof(string), "%s^%c", meta, (int)c + '@');
    else if (c == 127)
-	sprintf(string, "%s^?", meta);
+	snprintf(string, sizeof(string), "%s^?", meta);
    else
-	sprintf(string, "%s%c", meta, c);
+	snprintf(string, sizeof(string), "%s%c", meta, c);

    return (string);
 }
@ -1410,7 +1410,8 @@ register char *string;
 		    struct tm* tm_now = localtime (&time_now);

 		    strftime (report_buffer, 20, "%b %d %H:%M:%S ", tm_now);
-		    strcat (report_buffer, report_string[n]);
+		    strlcat(report_buffer, report_string[n],
+		      sizeof(report_buffer));

 		    report_string[n] = (char *) NULL;
 		    report_gathering = 1;
@ -1456,7 +1457,8 @@ register char *string;
 		alarm(0);
 		alarmed = 0;
 		exit_code = n + 4;
-		strcpy(fail_reason = fail_buffer, abort_string[n]);
+		strlcpy(fail_buffer, abort_string[n], sizeof(fail_buffer));
+		fail_reason = fail_buffer;
 		return (0);
 	    }
 	}
--- a/usr.sbin/pppd/pppd/auth.c
+++ b/usr.sbin/pppd/pppd/auth.c
@ -1,4 +1,4 @@
-/*	$NetBSD: auth.c,v 1.33 2002/09/13 14:32:12 itojun Exp $	*/
+/*	$NetBSD: auth.c,v 1.34 2003/05/16 18:15:34 itojun Exp $	*/

 /*
 * auth.c - PPP authentication and phase control.
@ -78,7 +78,7 @@
 #if 0
 #define RCSID	"Id: auth.c,v 1.69 2001/03/12 22:50:01 paulus Exp "
 #else
-__RCSID("$NetBSD: auth.c,v 1.33 2002/09/13 14:32:12 itojun Exp $");
+__RCSID("$NetBSD: auth.c,v 1.34 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif

@ -1878,7 +1878,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename)
 	    if (ap == NULL)
 		novm("authorized addresses");
 	    ap->word = (char *) (ap + 1);
-	    strcpy(ap->word, word);
+	    strlcpy(ap->word, word, strlen(word) + 1);
 	    *app = ap;
 	    app = &ap->next;
 	}
--- a/usr.sbin/pppd/pppd/ipv6cp.c
+++ b/usr.sbin/pppd/pppd/ipv6cp.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipv6cp.c,v 1.10 2002/05/29 19:06:32 christos Exp $	*/
+/*	$NetBSD: ipv6cp.c,v 1.11 2003/05/16 18:15:34 itojun Exp $	*/

 /*
    ipv6cp.c - PPP IPV6 Control Protocol.
@ -100,7 +100,7 @@
 #if 0
 #define RCSID	"Id: ipv6cp.c,v 1.15 2001/03/22 00:42:33 paulus Exp "
 #else
-__RCSID("$NetBSD: ipv6cp.c,v 1.10 2002/05/29 19:06:32 christos Exp $");
+__RCSID("$NetBSD: ipv6cp.c,v 1.11 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif

@ -371,7 +371,7 @@ llv6_ntoa(ifaceid)
 {
    static char b[64];

-    sprintf(b, "fe80::%s", eui64_ntoa(ifaceid));
+    snprintf(b, sizeof(b), "fe80::%s", eui64_ntoa(ifaceid));
    return b;
 }

@ -1373,9 +1373,10 @@ ipv6cp_script(script)
    char strspeed[32], strlocal[32], strremote[32];
    char *argv[8];

-    sprintf(strspeed, "%d", baud_rate);
-    strcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid));
-    strcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid));
+    snprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
+    strlcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid), sizeof(strlocal));
+    strlcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid),
+      sizeof(strremote));

    argv[0] = script;
    argv[1] = ifname;
--- a/usr.sbin/pppd/pppd/options.c
+++ b/usr.sbin/pppd/pppd/options.c
@ -1,4 +1,4 @@
-/*	$NetBSD: options.c,v 1.38 2002/07/06 18:21:43 itojun Exp $	*/
+/*	$NetBSD: options.c,v 1.39 2003/05/16 18:15:34 itojun Exp $	*/

 /*
 * options.c - handles option processing for PPP.
@ -47,7 +47,7 @@
 #if 0
 #define RCSID	"Id: options.c,v 1.80 2001/03/12 22:56:12 paulus Exp "
 #else
-__RCSID("$NetBSD: options.c,v 1.38 2002/07/06 18:21:43 itojun Exp $");
+__RCSID("$NetBSD: options.c,v 1.39 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif

@ -758,7 +758,7 @@ process_option(opt, cmd, argv)

 	    ovp = malloc(sizeof(*ovp) + strlen(*argv));
 	    if (ovp != 0) {
-		strcpy(ovp->value, *argv);
+		strlcpy(ovp->value, *argv, sizeof(ovp->value));
 		ovp->source = option_source;
 		ovp->next = NULL;
 		pp = (struct option_value **) &opt->addr2;
--- a/usr.sbin/pppd/pppd/utils.c
+++ b/usr.sbin/pppd/pppd/utils.c
@ -1,4 +1,4 @@
-/*	$NetBSD: utils.c,v 1.9 2002/09/13 14:32:13 itojun Exp $	*/
+/*	$NetBSD: utils.c,v 1.10 2003/05/16 18:15:34 itojun Exp $	*/

 /*
 * utils.c - various utility functions used in pppd.
@ -40,7 +40,7 @@
 #if 0
 #define RCSID	"Id: utils.c,v 1.13 2001/03/16 02:08:13 paulus Exp "
 #else
-__RCSID("$NetBSD: utils.c,v 1.9 2002/09/13 14:32:13 itojun Exp $");
+__RCSID("$NetBSD: utils.c,v 1.10 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif

@ -88,6 +88,7 @@ struct buffer_info {
    int len;
 };

+#if 0
 /*
 * strlcpy - like strcpy/strncpy, doesn't overflow destination buffer,
 * always leaves destination null-terminated (for len > 0).
@ -125,7 +126,7 @@ strlcat(dest, src, len)

    return dlen + strlcpy(dest + dlen, src, (len > dlen? len - dlen: 0));
 }
-
+#endif

 /*
 * slprintf - format a message into a buffer.  Like sprintf except we