v1.14 from OpenBSD (jaredy):

- fix overflow when too many -a arguments are given
 - properly NUL-terminate -a arguments when copying
 - check strdup for error failure
This commit is contained in:
wiz 2005-03-30 14:18:41 +00:00
parent 8221a0eff7
commit bd02b4a3e5

View File

@ -1,4 +1,4 @@
/* $NetBSD: checknr.c,v 1.15 2005/02/02 17:14:29 wiz Exp $ */
/* $NetBSD: checknr.c,v 1.16 2005/03/30 14:18:41 wiz Exp $ */
/*
* Copyright (c) 1980, 1993
@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
#if 0
static char sccsid[] = "@(#)checknr.c 8.1 (Berkeley) 6/6/93";
#else
__RCSID("$NetBSD: checknr.c,v 1.15 2005/02/02 17:14:29 wiz Exp $");
__RCSID("$NetBSD: checknr.c,v 1.16 2005/03/30 14:18:41 wiz Exp $");
#endif
#endif /* not lint */
@ -138,7 +138,7 @@ struct brstr {
{"TS", "TE"},
/* Refer */
{"[", "]"},
{0, 0},
{0, 0}
};
/*
@ -235,10 +235,14 @@ main(int argc, char **argv)
for (i=0; br[i].opbr; i++)
;
for (cp=argv[1]+3; cp[-1]; cp += 6) {
br[i].opbr = malloc(3);
strncpy(br[i].opbr, cp, 2);
br[i].clbr = malloc(3);
strncpy(br[i].clbr, cp+3, 2);
if (i >= MAXBR)
errx(1, "too many pairs");
if ((br[i].opbr = malloc(3)) == NULL)
err(1, "malloc");
strlcpy(br[i].opbr, cp, 3);
if ((br[i].clbr = malloc(3)) == NULL)
err(1, "malloc");
strlcpy(br[i].clbr, cp+3, 3);
addmac(br[i].opbr); /* knows pairs are also known cmds */
addmac(br[i].clbr);
i++;
@ -592,8 +596,8 @@ addmac(char *mac)
dest = src+1;
while (dest > loc)
*dest-- = *src--;
*loc = malloc(3);
strcpy(*loc, mac);
if ((*loc = strdup(mac)) == NULL)
err(1, "strdup");
ncmds++;
#ifdef DEBUG
printf("after: %s %s %s %s %s, %d cmds\n", knowncmds[slot-2],