From owner-freebsd-audit Sat Aug 5 19: 4:21 2000 Delivered-To: freebsd-audit@freebsd.org Received: from smtp1a.ispchannel.com (smtp.ispchannel.com [24.142.63.7]) by hub.freebsd.org (Postfix) with ESMTP id D888437B7C4 for ; Sat, 5 Aug 2000 19:04:15 -0700 (PDT) (envelope-from mheffner@mailandnews.com) Received: from muriel.penguinpowered.com ([208.138.198.109]) by smtp1a.ispchannel.com (InterMail vK.4.02.00.00 201-232-116 license 7d3764cdaca754bf8ae20adf0db2aa60) with ESMTP id <20000806020601.WOYW8223.smtp1a@muriel.penguinpowered.com>; Sat, 5 Aug 2000 19:06:01 -0700 Content-Length: 800 Message-ID: X-Mailer: XFMail 1.4.4 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: Date: Sat, 05 Aug 2000 22:02:48 -0400 (EDT) Reply-To: Mike Heffner From: Mike Heffner To: Kris Kennaway Subject: Re: libftpio patch Cc: audit@freebsd.org Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 04-Aug-2000 Kris Kennaway wrote: | if (strncmp("ftp://", url_in, 6) != 0) | return FAILURE; | /* We like to stomp a lot on the URL string in dissecting it, so copy | it first */ | - strncpy(url, url_in, BUFSIZ); | + if (strlcpy(url, url_in, BUFSIZ) >= BUFSIZ) | + return FAILURE; Just to be nit-picky, should this be sizeof(url) to remain consistent with your other changes? | @@ -703,7 +707,7 @@ | | va_list ap; | va_start(ap, fmt); | - (void)vsnprintf(p, sizeof p, fmt, ap); | + (void)vsnprintf(p, sizeof p - 3, fmt, ap); Assuming the "\r\n" is all you strcat() on to p, this only needs to be - 2 -- Mike Heffner Fredericksburg, VA ICQ# 882073 http://my.ispchannel.com/~mheffner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message