From bd02b4a3e54ec9fec5a845afaf57a5dcff2af52f Mon Sep 17 00:00:00 2001 From: wiz Date: Wed, 30 Mar 2005 14:18:41 +0000 Subject: [PATCH] v1.14 from OpenBSD (jaredy): - fix overflow when too many -a arguments are given - properly NUL-terminate -a arguments when copying - check strdup for error failure --- usr.bin/checknr/checknr.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/usr.bin/checknr/checknr.c b/usr.bin/checknr/checknr.c index a79819198e6a..03427334864b 100644 --- a/usr.bin/checknr/checknr.c +++ b/usr.bin/checknr/checknr.c @@ -1,4 +1,4 @@ -/* $NetBSD: checknr.c,v 1.15 2005/02/02 17:14:29 wiz Exp $ */ +/* $NetBSD: checknr.c,v 1.16 2005/03/30 14:18:41 wiz Exp $ */ /* * Copyright (c) 1980, 1993 @@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)checknr.c 8.1 (Berkeley) 6/6/93"; #else -__RCSID("$NetBSD: checknr.c,v 1.15 2005/02/02 17:14:29 wiz Exp $"); +__RCSID("$NetBSD: checknr.c,v 1.16 2005/03/30 14:18:41 wiz Exp $"); #endif #endif /* not lint */ @@ -138,7 +138,7 @@ struct brstr { {"TS", "TE"}, /* Refer */ {"[", "]"}, - {0, 0}, + {0, 0} }; /* @@ -235,10 +235,14 @@ main(int argc, char **argv) for (i=0; br[i].opbr; i++) ; for (cp=argv[1]+3; cp[-1]; cp += 6) { - br[i].opbr = malloc(3); - strncpy(br[i].opbr, cp, 2); - br[i].clbr = malloc(3); - strncpy(br[i].clbr, cp+3, 2); + if (i >= MAXBR) + errx(1, "too many pairs"); + if ((br[i].opbr = malloc(3)) == NULL) + err(1, "malloc"); + strlcpy(br[i].opbr, cp, 3); + if ((br[i].clbr = malloc(3)) == NULL) + err(1, "malloc"); + strlcpy(br[i].clbr, cp+3, 3); addmac(br[i].opbr); /* knows pairs are also known cmds */ addmac(br[i].clbr); i++; @@ -592,8 +596,8 @@ addmac(char *mac) dest = src+1; while (dest > loc) *dest-- = *src--; - *loc = malloc(3); - strcpy(*loc, mac); + if ((*loc = strdup(mac)) == NULL) + err(1, "strdup"); ncmds++; #ifdef DEBUG printf("after: %s %s %s %s %s, %d cmds\n", knowncmds[slot-2],