From owner-freebsd-audit Tue Dec 5 4: 2:55 2000 From owner-freebsd-audit@FreeBSD.ORG Tue Dec 5 04:02:53 2000 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from eeyore.local.dohd.org (d0030.upc-d.chello.nl [213.46.0.30]) by hub.freebsd.org (Postfix) with ESMTP id 2DEA837B400 for ; Tue, 5 Dec 2000 04:02:52 -0800 (PST) Received: by eeyore.local.dohd.org (Postfix, from userid 1008) id 7EC04BA0A; Tue, 5 Dec 2000 13:02:48 +0100 (MET) Date: Tue, 5 Dec 2000 13:02:48 +0100 From: Mark Huizer To: Will Andrews Cc: Max Khon , audit@FreeBSD.ORG Subject: Re: usr.bin audit patch Message-ID: <20001205130248.A5965@dohd.cx> References: <20001204201058.W570@puck.firepipe.net> <20001204214825.Z570@puck.firepipe.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20001204214825.Z570@puck.firepipe.net>; from will@physics.purdue.edu on Mon, Dec 04, 2000 at 09:48:25PM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > - p += sprintf(cmd, "exec %s", argv[0]); > > + p += snprintf(cmd, sizeof(cmd), "exec %s", argv[0]); > > for (i = 1; i <= nargs; i++) > > - p += sprintf(p, " %c%d", magic, i); > > + p += snprintf(p, sizeof(p), " %c%d", magic, i); > > > > sizeof(p) == sizeof(void *) (== 4 on i386) -- it is not what your tried to > > achieve. also do not use strncpy/strncat instead of strcpy/strcat. in most > > cases this is useless -- use strlcpy/strlcat instead > > Ah, ok. You have a point about the latter diff, what about the former? > It seems a huge hole to allow a user to specify input via command-line > -- even if it's the command itself (argv[0]). > In this case it doesn't matter that much, since cmd is malloced to be the correct size. Mark -- Nice testing in little China... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message