Date:      Fri, 4 Aug 2000 02:17:11 -0700 (PDT)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        audit@freebsd.org
Subject:   Re: libftpio patch
Message-ID:  <Pine.BSF.4.21.0008040216510.95142-100000@hub.freebsd.org>
In-Reply-To: <Pine.BSF.4.21.0008040144260.66197-100000@hub.freebsd.org>

Here's a better patch:

Kris

Index: ftpio.c
===================================================================
RCS file: /home/ncvs/src/lib/libftpio/ftpio.c,v
retrieving revision 1.37
diff -u -r1.37 ftpio.c
--- ftpio.c	2000/07/10 10:00:20	1.37
+++ ftpio.c	2000/08/04 09:13:42
@@ -61,7 +61,8 @@
 static int	ftp_login_session(FTP_t ftp, char *host, int af, char *user, char *passwd, int port, int verbose);
 static int	ftp_file_op(FTP_t ftp, char *operation, char *file, FILE **fp, char *mode, off_t *seekto);
 static int	ftp_close(FTP_t ftp);
-static int	get_url_info(char *url_in, char *host_ret, int *port_ret, char *name_ret);
+static int	get_url_info(char *url_in, char *host_ret, int host_size, int *port_ret, char *name_ret,
+		    int name_size);
 static void	ftp_timeout(int sig);
 static void	ftp_set_timeout(void);
 static void	ftp_clear_timeout(void);
@@ -203,7 +204,7 @@
     off_t size;
 
     check_passive(fp);
-    sprintf(p, "SIZE %s\r\n", name);
+    snprintf(p, sizeof(p), "SIZE %s\r\n", name);
     if (ftp->is_verbose)
 	fprintf(stderr, "Sending %s", p);
     if (writes(ftp->fd_ctrl, p))
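Review bot: The return value of the new `snprintf` is ignored, so an over-long `name` is silently cut and the command reaches the server with a shortened path and without its trailing `\r\n`. Compare the result with the buffer size and fail before `writes()`, for example `if ((size_t)snprintf(p, sizeof(p), "SIZE %s\r\n", name) >= sizeof(p))` followed by the function's existing error return. The same applies to the `MDTM` hunk that follows. `sizeof(p)` is the buffer length only if `p` is declared as an array; its declaration and the rest of the function are outside this hunk.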
@@ -229,7 +230,7 @@
     int i;
 
     check_passive(fp);
-    sprintf(p, "MDTM %s\r\n", name);
+    snprintf(p, sizeof(p), "MDTM %s\r\n", name);
     if (ftp->is_verbose)
 	fprintf(stderr, "Sending %s", p);
     if (writes(ftp->fd_ctrl, p))
@@ -382,7 +383,7 @@
 
     if (retcode)
 	*retcode = 0;
-    if (get_url_info(url, host, &port, name) == SUCCESS) {
+    if (get_url_info(url, host, sizeof(host), &port, name, sizeof(name)) == SUCCESS) {
 	if (fp && prev_host) {
 	    if (!strcmp(prev_host, host)) {
 		/* Try to use cached connection */
@@ -446,7 +447,7 @@
 	fclose(fp);
 	fp = NULL;
     }
-    if (get_url_info(url, host, &port, name) == SUCCESS) {
+    if (get_url_info(url, host, sizeof(host), &port, name, sizeof(name)) == SUCCESS) {
 	fp = ftpLoginAf(host, af, user, passwd, port, 0, retcode);
 	if (fp) {
 	    fp2 = ftpPut(fp, name);
@@ -465,7 +466,7 @@
 /* Internal workhorse function for dissecting URLs.  Takes a URL as the first argument and returns the
    result of such disection in the host, user, passwd, port and name variables. */
 static int
-get_url_info(char *url_in, char *host_ret, int *port_ret, char *name_ret)
+get_url_info(char *url_in, char *host_ret, int host_size, int *port_ret, char *name_ret, int name_size)
 {
     char *name, *host, *cp, url[BUFSIZ];
     int port;
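Review bot: The comment above `get_url_info` is now out of date: it still lists `user` and `passwd`, which are not parameters, and says nothing about the two new size arguments or the new failure case. Suggested wording: `/* Dissects an ftp:// URL into host, port and name. host_size and name_size are the sizes of the caller's buffers; returns FAILURE if the URL or either component does not fit. */`. The size parameters would also read better as `size_t`, since they are compared with the `size_t` result of `strlcpy` and both visible callers pass `sizeof`. The function body continues outside this hunk.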
@@ -475,7 +476,8 @@
     if (strncmp("ftp://", url_in, 6) != 0)
 	return FAILURE;
     /* We like to stomp a lot on the URL string in dissecting it, so copy it first */
-    strncpy(url, url_in, BUFSIZ);
+    if (strlcpy(url, url_in, BUFSIZ) >= BUFSIZ)
+        return FAILURE;
     host = url + 6;
     if ((cp = index(host, ':')) != NULL) {
 	*(cp++) = '\0';
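Review bot: The bound passed to `strlcpy` repeats `BUFSIZ` instead of being derived from the destination; `if (strlcpy(url, url_in, sizeof(url)) >= sizeof(url))` stays correct if the declaration of `url` ever changes. The added `return FAILURE;` line is indented with spaces where the surrounding code uses a tab. Callers should be aware that a URL of `BUFSIZ` bytes or more is now rejected rather than truncated. The function starts and ends outside this hunk.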
@@ -489,9 +491,11 @@
     if ((name = index(cp ? cp : host, '/')) != NULL)
 	*(name++) = '\0';
     if (host_ret)
-	strcpy(host_ret, host);
+	if (strlcpy(host_ret, host, host_size) >= host_size)
+	    return FAILURE;
     if (name && name_ret)
-	strcpy(name_ret, name);
+	if (strlcpy(name_ret, name, name_size) >= host_size)
+	    return FAILURE;
     return SUCCESS;
 }
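Review bot: The check on the `name_ret` copy compares against `host_size`, not `name_size`: `strlcpy(name_ret, name, name_size) >= host_size`. The copy itself is still bounded by `name_size`, but when the two sizes differ a truncated name can be reported as SUCCESS, or a name that fits can be rejected; the line should read `if (strlcpy(name_ret, name, name_size) >= name_size)`. The new checks also nest an `if` inside an unbraced `if` directly before another `if`; braces around both bodies would make the grouping explicit. The start of the function is outside this hunk.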
 
@@ -703,7 +707,7 @@
 
     va_list ap;
     va_start(ap, fmt);
-    (void)vsnprintf(p, sizeof p, fmt, ap);
+    (void)vsnprintf(p, sizeof p - 3, fmt, ap);
     va_end(ap);
 
     if (ftp->con_state == init)
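Review bot: The `- 3` in `vsnprintf(p, sizeof p - 3, fmt, ap)` is an unexplained constant, and the `(void)` cast still discards the truncation result. If the intent is to reserve room for a line terminator appended later in the function (not visible in this hunk), say so in a comment such as `/* leave room for the terminator appended below */`, and check the return value so that a truncated command is rejected rather than sent. The function starts and ends outside this hunk.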

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


