Date: Tue, 5 Dec 2000 13:02:48 +0100 From: Mark Huizer <freebsd@dohd.org> To: Will Andrews <will@physics.purdue.edu> Cc: Max Khon <fjoe@iclub.nsu.ru>, audit@FreeBSD.ORG Subject: Re: usr.bin audit patch Message-ID: <20001205130248.A5965@dohd.cx> In-Reply-To: <20001204214825.Z570@puck.firepipe.net>; from will@physics.purdue.edu on Mon, Dec 04, 2000 at 09:48:25PM -0500 References: <20001204201058.W570@puck.firepipe.net> <Pine.BSF.4.21.0012050838500.79263-100000@iclub.nsu.ru> <20001204214825.Z570@puck.firepipe.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > - p += sprintf(cmd, "exec %s", argv[0]); > > + p += snprintf(cmd, sizeof(cmd), "exec %s", argv[0]); > > for (i = 1; i <= nargs; i++) > > - p += sprintf(p, " %c%d", magic, i); > > + p += snprintf(p, sizeof(p), " %c%d", magic, i); > > > > sizeof(p) == sizeof(void *) (== 4 on i386) -- it is not what your tried to > > achieve. also do not use strncpy/strncat instead of strcpy/strcat. in most > > cases this is useless -- use strlcpy/strlcat instead > > Ah, ok. You have a point about the latter diff, what about the former? > It seems a huge hole to allow a user to specify input via command-line > -- even if it's the command itself (argv[0]). > In this case it doesn't matter that much, since cmd is malloced to be the correct size. Mark -- Nice testing in little China... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001205130248.A5965>