Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove dangerous sprintf calls.

This commit is contained in:
mrg 1997-02-11 08:15:08 +00:00
parent 6b91a6b891
commit 56d95f62f0
3 changed files with 25 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
usr.bin/login/k5login.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: k5login.c,v 1.2 1994/12/23 06:52:58 jtc Exp $ */
/* $NetBSD: k5login.c,v 1.3 1997/02/11 08:15:08 mrg Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)klogin.c 5.11 (Berkeley) 7/12/92";
#endif
static char rcsid[] = "$NetBSD: k5login.c,v 1.2 1994/12/23 06:52:58 jtc Exp $";
static char rcsid[] = "$NetBSD: k5login.c,v 1.3 1997/02/11 08:15:08 mrg Exp $";
#endif /* not lint */
#ifdef KERBEROS5
@ -130,18 +130,18 @@ klogin(pw, instance, localhost, password)
*/
if (strcmp(instance, "root") != 0)
(void)sprintf(tkt_location, "FILE:/tmp/krb5cc_%d.%s",
pw->pw_uid, tty);
(void)snprintf(tkt_location, sizeof tkt_location,
"FILE:/tmp/krb5cc_%d.%s", pw->pw_uid, tty);
else
(void)sprintf(tkt_location, "FILE:/tmp/krb5cc_root_%d.%s",
pw->pw_uid, tty);
(void)snprintf(tkt_location, sizeof tkt_location,
"FILE:/tmp/krb5cc_root_%d.%s", pw->pw_uid, tty);
krbtkfile_env = tkt_location;
principal = malloc(strlen(pw->pw_name)+strlen(instance)+2);
strcpy(principal, pw->pw_name);
strcpy(principal, pw->pw_name); /* XXX strcpy is safe */
if (strlen(instance)) {
strcat(principal, "/");
strcat(principal, instance);
strcat(principal, "/"); /* XXX strcat is safe */
strcat(principal, instance); /* XXX strcat is safe */
}
if (kerror = krb5_cc_resolve(tkt_location, &ccache)) {

20
usr.bin/login/klogin.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $ */
/* $NetBSD: klogin.c,v 1.8 1997/02/11 08:15:09 mrg Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)klogin.c 8.3 (Berkeley) 4/2/94";
#endif
static char rcsid[] = "$NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $";
static char rcsid[] = "$NetBSD: klogin.c,v 1.8 1997/02/11 08:15:09 mrg Exp $";
#endif /* not lint */
#ifdef KERBEROS
@ -114,11 +114,11 @@ klogin(pw, instance, localhost, password)
*/
if (strcmp(instance, "root") != 0)
(void)sprintf(tkt_location, "%s%d.%s",
TKT_ROOT, pw->pw_uid, tty);
(void)snprintf(tkt_location, sizeof tkt_location, "%s%d.%s",
TKT_ROOT, pw->pw_uid, tty);
else
(void)sprintf(tkt_location, "%s_root_%d.%s",
TKT_ROOT, pw->pw_uid, tty);
(void)snprintf(tkt_location, sizeof tkt_location,
"%s_root_%d.%s", TKT_ROOT, pw->pw_uid, tty);
krbtkfile_env = tkt_location;
(void)krb_set_tkt_string(tkt_location);
@ -263,13 +263,15 @@ kdestroy()
(void) unlink(file);
out:
if (errno != 0) return;
if (errno != 0)
return;
#ifdef TKT_SHMEM
/*
* handle the shared memory case
*/
(void) strcpy(shmidname, file);
(void) strcat(shmidname, ".shm");
/* 5 == 4 (".shm") + 1 */
(void)strncpy(shmidname, file, sizeof(shmidname) - 5);
(void)strcat(shmidname, ".shm"); /* XXX strcat is safe */
if (krb_shm_dest(shmidname) != KSUCCESS)
return;
#endif /* TKT_SHMEM */

10
usr.bin/login/login.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: login.c,v 1.16 1996/12/20 20:17:30 sommerfe Exp $ */
/* $NetBSD: login.c,v 1.17 1997/02/11 08:15:10 mrg Exp $ */
/*-
* Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@ -43,7 +43,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
#endif
static char rcsid[] = "$NetBSD: login.c,v 1.16 1996/12/20 20:17:30 sommerfe Exp $";
static char rcsid[] = "$NetBSD: login.c,v 1.17 1997/02/11 08:15:10 mrg Exp $";
#endif /* not lint */
/*
@ -237,7 +237,7 @@ main(argc, argv)
badlogin(tbuf);
failures = 0;
}
(void)strcpy(tbuf, username);
(void)strncpy(tbuf, username, sizeof(tbuf) - 1);
if (pwd = getpwnam(username))
salt = pwd->pw_passwd;
@ -450,8 +450,8 @@ main(argc, argv)
(void)signal(SIGTSTP, SIG_IGN);
tbuf[0] = '-';
(void)strcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell);
(void)strncpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell, sizeof(tbuf) - 2);
if (setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failure: %m");