From: Dag-Erling Smorgrav
To: "Andrew R. Reiter"
Cc: freebsd-audit@FreeBSD.ORG
Subject: Re: dungeon master patch
Date: 14 Sep 2001 11:16:26 +0200

"Andrew R. Reiter" writes:
> --- dm.c.orig Thu Sep 13 22:44:25 2001
> +++ dm.c Thu Sep 13 23:02:43 2001
> @@ -111,15 +111,16 @@
> play(args)
> char **args;
> {
> - char pbuf[MAXPATHLEN];
> + char pbuf[MAXPATHLEN+1];

The "+1" is incorrect, and PATH_MAX misspelled MAXPATHLEN.

> - if (sizeof(_PATH_HIDE) + strlen(game) > sizeof(pbuf)) {
> + if (sizeof(_PATH_HIDE) + strlen(game) + 1 > sizeof(pbuf)) {
> (void)fprintf(stderr, "dm: %s/%s: %s\n", _PATH_HIDE, game,
> strerror(ENAMETOOLONG));
> exit(1);
> }

No +1 is needed.

> - (void)strcpy(pbuf, _PATH_HIDE);
> - (void)strcpy(pbuf + sizeof(_PATH_HIDE) - 1, game);
> + bzero((void *)&pbuf, MAXPATHLEN+1);
> + strlcpy(pbuf, _PATH_HIDE, sizeof(pbuf));
> + strlcat(pbuf+strlen(_PATH_HIDE), game, sizeof(pbuf)-strlen(_PATH_HIDE));

Replace bzero(), strlcpy() and strlcat() with snprintf().

> - if (sscanf(lbuf, "%s%s", f1, f2) != 2 ||
> + if (sscanf(lbuf, "%39s%39s", f1, f2) != 2 ||
> strcasecmp(f1, "badtty"))

The return value from strcmp() and friends should always be explicitly compared to 0.

Someone[tm] should write an snscanf() function that allows the length of the line to be specified so it can be used in conjunction with fgetln().

DES
-- 
Dag-Erling Smorgrav - des@ofug.org
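Review bot: in play(), the strlcat() call computes both its destination and its size by hand (pbuf+strlen(_PATH_HIDE) and sizeof(pbuf)-strlen(_PATH_HIDE)); strlcat(pbuf, game, sizeof(pbuf)) is the same operation without the pointer arithmetic, and the preceding bzero((void *)&pbuf, MAXPATHLEN+1) restates the array size as a literal where sizeof(pbuf) would follow the declaration (strlcpy() already NUL-terminates, so the bzero() adds nothing). In the sscanf() change, the 39 in "%39s%39s" is only safe while it equals one less than the declared size of f1 and f2, which the hunk does not show; a comment, or a width generated from the same constant as the declaration, would keep the two from drifting apart.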
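The snprintf()-based construction DES recommends, with the length check folded into snprintf()'s return value, plus a sscanf() width generated from the same constant that sizes the field buffers, as an added example that is not part of this message or of dm.c. PATH_HIDE, FIELD_MAX, hide_path() and is_badtty() are assumed names standing in for dm's _PATH_HIDE, its f1/f2 buffers and the surrounding code.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>    /* strcasecmp() */
#include <sys/param.h>  /* MAXPATHLEN on BSD and glibc */
#ifndef MAXPATHLEN
#define MAXPATHLEN 1024
#endif

/* Assumed stand-in for dm's _PATH_HIDE; not taken from dm.c. */
#define PATH_HIDE "/usr/games/hide/"

/*
 * Build "<PATH_HIDE><game>" into buf with one snprintf() call in place of
 * bzero()/strlcpy()/strlcat(). snprintf() returns the length the whole
 * string would have had, so "n >= bufsz" is the truncation test: the NUL
 * is already accounted for and no extra "+1" is needed.
 * Returns 0 on success, ENAMETOOLONG if the path would not fit.
 */
int hide_path(char *buf, size_t bufsz, const char *game)
{
    int n = snprintf(buf, bufsz, "%s%s", PATH_HIDE, game);

    if (n < 0 || (size_t)n >= bufsz)
        return ENAMETOOLONG;
    return 0;
}

/* Field buffers hold FIELD_MAX chars plus the NUL; the scanf width is
 * generated from the same constant so the two cannot drift apart. */
#define FIELD_MAX 39
#define XSTR(x) #x
#define STR(x) XSTR(x)
#define FIELD_FMT "%" STR(FIELD_MAX) "s"  /* expands to "%39s" */

/*
 * Recognise a "badtty <tty>" config line: returns 1 and copies the tty
 * name into tty on a match, 0 otherwise. strcasecmp() is compared with 0
 * explicitly; an over-long field is cut off by the width, not written
 * past f1 or f2.
 */
int is_badtty(const char *lbuf, char *tty, size_t ttysz)
{
    char f1[FIELD_MAX + 1], f2[FIELD_MAX + 1];

    if (sscanf(lbuf, FIELD_FMT FIELD_FMT, f1, f2) != 2)
        return 0;
    if (strcasecmp(f1, "badtty") != 0)
        return 0;
    snprintf(tty, ttysz, "%s", f2);
    return 1;
}
```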