Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

verify strvis() buffer length is enough. make sure string termination before 

use.  remove extra ntohs() which is not needed.  from Charles Blundell
This commit is contained in:
itojun 2002-11-20 21:01:57 +00:00
parent 59fc067cf7
commit b39cb313c6
2 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libexec/talkd/announce.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: announce.c,v 1.16 2002/09/25 04:57:59 itojun Exp $ */
/* $NetBSD: announce.c,v 1.17 2002/11/20 21:01:57 itojun Exp $ */
/*
* Copyright (c) 1983, 1993
@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)announce.c 8.3 (Berkeley) 4/28/95";
#else
__RCSID("$NetBSD: announce.c,v 1.16 2002/09/25 04:57:59 itojun Exp $");
__RCSID("$NetBSD: announce.c,v 1.17 2002/11/20 21:01:57 itojun Exp $");
#endif
#endif /* not lint */
@ -129,6 +129,8 @@ print_mesg(tty, request, remote_machine)
sizes[i] = strlen(line_buf[i]);
max_size = max(max_size, sizes[i]);
i++;
if (strlen(request->l_name) + 1 > sizeof(vis_user) / 4)
return (FAILED);
strvis(vis_user, request->l_name, VIS_CSTYLE);
(void)snprintf(line_buf[i], N_CHARS,
"talk: connection requested by %s@%s.", vis_user, remote_machine);

11
libexec/talkd/talkd.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: talkd.c,v 1.15 2002/10/08 02:50:51 itojun Exp $ */
/* $NetBSD: talkd.c,v 1.16 2002/11/20 21:01:57 itojun Exp $ */
/*
* Copyright (c) 1983, 1993
@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1993\n\
#if 0
static char sccsid[] = "@(#)talkd.c 8.1 (Berkeley) 6/4/93";
#else
__RCSID("$NetBSD: talkd.c,v 1.15 2002/10/08 02:50:51 itojun Exp $");
__RCSID("$NetBSD: talkd.c,v 1.16 2002/11/20 21:01:57 itojun Exp $");
#endif
#endif /* not lint */
@ -129,15 +129,16 @@ main(argc, argv)
syslog(LOG_WARNING, "recv: %m");
continue;
}
lastmsgtime = time(0);
process_request(mp, &response);
mp->l_name[sizeof(mp->l_name) - 1] = '\0';
mp->r_name[sizeof(mp->r_name) - 1] = '\0';
mp->r_tty[sizeof(mp->r_tty) - 1] = '\0';
lastmsgtime = time(0);
process_request(mp, &response);
(void)memcpy(&ctl_addr, &mp->ctl_addr, sizeof(ctl_addr));
ctl_addr.sa_family = ntohs(mp->ctl_addr.sa_family);
ctl_addr.sa_family = mp->ctl_addr.sa_family;
ctl_addr.sa_len = sizeof(ctl_addr);
if (ctl_addr.sa_family != AF_INET)
continue;