From owner-freebsd-audit Fri Aug 4 2:17:14 2000 Delivered-To: freebsd-audit@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id B93C237B62B; Fri, 4 Aug 2000 02:17:11 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id B70D92E8194 for ; Fri, 4 Aug 2000 02:17:11 -0700 (PDT) (envelope-from kris@hub.freebsd.org) Date: Fri, 4 Aug 2000 02:17:11 -0700 (PDT) From: Kris Kennaway To: audit@freebsd.org Subject: Re: libftpio patch In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Here's a better patch: Kris Index: ftpio.c =================================================================== RCS file: /home/ncvs/src/lib/libftpio/ftpio.c,v retrieving revision 1.37 diff -u -r1.37 ftpio.c --- ftpio.c 2000/07/10 10:00:20 1.37 +++ ftpio.c 2000/08/04 09:13:42 @@ -61,7 +61,8 @@ static int ftp_login_session(FTP_t ftp, char *host, int af, char *user, char *passwd, int port, int verbose); static int ftp_file_op(FTP_t ftp, char *operation, char *file, FILE **fp, char *mode, off_t *seekto); static int ftp_close(FTP_t ftp); -static int get_url_info(char *url_in, char *host_ret, int *port_ret, char *name_ret); +static int get_url_info(char *url_in, char *host_ret, int host_size, int *port_ret, char *name_ret, + int name_size); static void ftp_timeout(int sig); static void ftp_set_timeout(void); static void ftp_clear_timeout(void); @@ -203,7 +204,7 @@ off_t size; check_passive(fp); - sprintf(p, "SIZE %s\r\n", name); + snprintf(p, sizeof(p), "SIZE %s\r\n", name); if (ftp->is_verbose) fprintf(stderr, "Sending %s", p); if (writes(ftp->fd_ctrl, p)) @@ -229,7 +230,7 @@ int i; check_passive(fp); - sprintf(p, "MDTM %s\r\n", name); + snprintf(p, sizeof(p), "MDTM %s\r\n", name); if (ftp->is_verbose) fprintf(stderr, "Sending %s", p); if (writes(ftp->fd_ctrl, p)) 
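Review bot: The return value of the new `snprintf(p, sizeof(p), "SIZE %s\r\n", name)` in the `@@ -203` hunk is not checked, so a `name` that does not fit is truncated silently and the command is written to the control connection without its `\r\n` terminator; the `MDTM` call in the `@@ -229` hunk has the same gap. Compare the result with the buffer size and take the function's existing failure path on truncation, for example `if ((size_t)snprintf(p, sizeof(p), "SIZE %s\r\n", name) >= sizeof(p))` followed by the error return that function already uses. `sizeof(p)` is the buffer size only if `p` is declared as an array; both declarations, and the start and end of both functions, are outside the hunks. Because `name` is placed verbatim into a control-channel command, a check that rejects embedded CR or LF before formatting would also be worth adding if callers can pass names derived from a URL.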
@@ -382,7 +383,7 @@ if (retcode) *retcode = 0; - if (get_url_info(url, host, &port, name) == SUCCESS) { + if (get_url_info(url, host, sizeof(host), &port, name, sizeof(name)) == SUCCESS) { if (fp && prev_host) { if (!strcmp(prev_host, host)) { /* Try to use cached connection */ @@ -446,7 +447,7 @@ fclose(fp); fp = NULL; } - if (get_url_info(url, host, &port, name) == SUCCESS) { + if (get_url_info(url, host, sizeof(host), &port, name, sizeof(name)) == SUCCESS) { fp = ftpLoginAf(host, af, user, passwd, port, 0, retcode); if (fp) { fp2 = ftpPut(fp, name); @@ -465,7 +466,7 @@ /* Internal workhorse function for dissecting URLs. Takes a URL as the first argument and returns the result of such disection in the host, user, passwd, port and name variables. */ static int -get_url_info(char *url_in, char *host_ret, int *port_ret, char *name_ret) +get_url_info(char *url_in, char *host_ret, int host_size, int *port_ret, char *name_ret, int name_size) { char *name, *host, *cp, url[BUFSIZ]; int port; @@ -475,7 +476,8 @@ if (strncmp("ftp://", url_in, 6) != 0) return FAILURE; /* We like to stomp a lot on the URL string in dissecting it, so copy it first */ - strncpy(url, url_in, BUFSIZ); + if (strlcpy(url, url_in, BUFSIZ) >= BUFSIZ) + return FAILURE; host = url + 6; if ((cp = index(host, ':')) != NULL) { *(cp++) = '\0'; @@ -489,9 +491,11 @@ if ((name = index(cp ? cp : host, '/')) != NULL) *(name++) = '\0'; if (host_ret) - strcpy(host_ret, host); + if (strlcpy(host_ret, host, host_size) >= host_size) + return FAILURE; if (name && name_ret) - strcpy(name_ret, name); + if (strlcpy(name_ret, name, name_size) >= host_size) + return FAILURE; return SUCCESS; } 
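Review bot: The new `host_size` and `name_size` parameters in the `@@ -465` hunk are declared `int`, but the `@@ -489` hunk compares them with the `size_t` result of `strlcpy()`, so the comparison mixes signed and unsigned and a negative size would convert to a very large bound. Declaring them `size_t host_size` and `size_t name_size` here and in the prototype changed in the `@@ -61` hunk removes that. The call sites in the `@@ -382` and `@@ -446` hunks pass `sizeof(host)` and `sizeof(name)`, which is correct only if both are arrays in the callers; their declarations are not shown. The header comment above the function still lists `user` and `passwd`, which are not parameters, and it should state that the two sizes are the capacities of `host_ret` and `name_ret` and that FAILURE is returned when a component does not fit.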
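Review bot: The truncation check for the name copy in the `@@ -489` hunk compares against the wrong buffer size: `strlcpy(name_ret, name, name_size) >= host_size` should read `if (strlcpy(name_ret, name, name_size) >= name_size)`. The copy itself stays bounded by `name_size`, but when the two sizes differ a truncated name can be returned with SUCCESS, or a name that fits can be rejected. The nested `if` statements are unbraced, so bracing the bodies of `if (host_ret)` and `if (name && name_ret)` would keep a later `else` from binding to the inner condition. The function begins in the preceding hunks, so only its tail is visible here.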
@@ -703,7 +707,7 @@ va_list ap; va_start(ap, fmt); - (void)vsnprintf(p, sizeof p, fmt, ap); + (void)vsnprintf(p, sizeof p - 3, fmt, ap); va_end(ap); if (ftp->con_state == init) -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
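Review bot: The `- 3` in `vsnprintf(p, sizeof p - 3, fmt, ap)` is an unexplained constant, and the result is still discarded with `(void)`, so a command that does not fit is truncated silently and an incomplete command is what gets sent. The reserve presumably leaves room for a line terminator appended later in the function, which is outside the hunk; if so, a comment such as `/* leave room for the "\r\n" appended below */` would make the intent explicit. Consider failing instead of truncating, for example `if ((size_t)vsnprintf(p, sizeof p - 3, fmt, ap) >= sizeof p - 3)`, with `va_end(ap)` called before the error return.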