Date: Fri, 4 Aug 2000 01:45:08 -0700 (PDT) From: Kris Kennaway <kris@hub.freebsd.org> To: audit@freebsd.org Subject: libftpio patch Message-ID: <Pine.BSF.4.21.0008040144260.66197-100000@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
Comments? The only thing which seems to use this nowadays is sysinstall,
but it still should be fixed.
Kris
Index: ftpio.c
===================================================================
RCS file: /home/ncvs/src/lib/libftpio/ftpio.c,v
retrieving revision 1.37
diff -u -r1.37 ftpio.c
--- ftpio.c 2000/07/10 10:00:20 1.37
+++ ftpio.c 2000/08/04 08:43:05
@@ -61,7 +61,8 @@
static int ftp_login_session(FTP_t ftp, char *host, int af, char *user, char *passwd, int port, int verbose);
static int ftp_file_op(FTP_t ftp, char *operation, char *file, FILE **fp, char *mode, off_t *seekto);
static int ftp_close(FTP_t ftp);
-static int get_url_info(char *url_in, char *host_ret, int *port_ret, char *name_ret);
+static int get_url_info(char *url_in, char *host_ret, int host_size, int *port_ret, char *name_ret,
+ int name_size);
static void ftp_timeout(int sig);
static void ftp_set_timeout(void);
static void ftp_clear_timeout(void);
@@ -382,7 +383,7 @@
if (retcode)
*retcode = 0;
- if (get_url_info(url, host, &port, name) == SUCCESS) {
+ if (get_url_info(url, host, sizeof(host), &port, name, sizeof(name)) == SUCCESS) {
if (fp && prev_host) {
if (!strcmp(prev_host, host)) {
/* Try to use cached connection */
@@ -446,7 +447,7 @@
fclose(fp);
fp = NULL;
}
- if (get_url_info(url, host, &port, name) == SUCCESS) {
+ if (get_url_info(url, host, sizeof(host), &port, name, sizeof(name)) == SUCCESS) {
fp = ftpLoginAf(host, af, user, passwd, port, 0, retcode);
if (fp) {
fp2 = ftpPut(fp, name);
@@ -465,7 +466,7 @@
/* Internal workhorse function for dissecting URLs. Takes a URL as the first argument and returns the
result of such disection in the host, user, passwd, port and name variables. */
static int
-get_url_info(char *url_in, char *host_ret, int *port_ret, char *name_ret)
+get_url_info(char *url_in, char *host_ret, int host_size, int *port_ret, char *name_ret, int name_size)
{
char *name, *host, *cp, url[BUFSIZ];
int port;
@@ -489,9 +490,11 @@
if ((name = index(cp ? cp : host, '/')) != NULL)
*(name++) = '\0';
if (host_ret)
- strcpy(host_ret, host);
+ if (strlcpy(host_ret, host, host_size) >= host_size)
+ return FAILURE;
if (name && name_ret)
- strcpy(name_ret, name);
+ if (strlcpy(name_ret, name, name_size) >= host_size)
+ return FAILURE;
return SUCCESS;
}
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008040144260.66197-100000>