From owner-freebsd-audit  Wed Dec  6  9:56:58 2000
From owner-freebsd-audit@FreeBSD.ORG  Wed Dec  6 09:56:56 2000
Return-Path: <owner-freebsd-audit@FreeBSD.ORG>
Delivered-To: freebsd-audit@freebsd.org
Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.161.193])
	by hub.freebsd.org (Postfix) with ESMTP id D8D0937B400
	for <freebsd-audit@FreeBSD.org>; Wed,  6 Dec 2000 09:56:55 -0800 (PST)
Received: from mail.vt.edu (gkar.cc.vt.edu [198.82.161.190])
	by lennier.cc.vt.edu (8.11.0/8.11.0) with ESMTP id eB6HusB465205;
	Wed, 6 Dec 2000 12:56:54 -0500 (EST)
Received: from muriel.penguinpowered.com ([198.82.100.195])
 by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10)
 with ESMTP id <0G55009CKR6TAY@gkar.cc.vt.edu>; Wed,
 6 Dec 2000 12:56:53 -0500 (EST)
Date: Wed, 06 Dec 2000 12:56:53 -0500 (EST)
From: Mike Heffner <mheffner@vt.edu>
Subject: RE: libutil diff
In-reply-to: <20001206105523.A52977@peitho.fxp.org>
Sender: spock@muriel.penguinpowered.com
To: Chris Faulhaber <jedgar@fxp.org>
Cc: freebsd-audit@FreeBSD.org
Message-id: <XFMail.20001206125653.mheffner@vt.edu>
MIME-version: 1.0
X-Mailer: XFMail 1.4.4 on FreeBSD
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 8bit
X-Priority: 3 (Normal)
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On 06-Dec-2000 Chris Faulhaber wrote:
|  For today's diff, we present libutil:
|  
|  - sprintf() -> snprintf()
|  - do not attempt to manipulate a malloc()'d struct if it is NULL
|  - strcpy() -> strlcpy()
|  
|  I could not find any limits/restrictions on the variables used in
|  the corrected sprintf()/strcpy() calls, so these seem safer.
|  

[snip]

|   
|  Index: pty.c
|  ===================================================================
|  RCS file: /home/ncvs/src/lib/libutil/pty.c,v
|  retrieving revision 1.10
|  diff -u -r1.10 pty.c
|  --- pty.c    1999/08/28 00:05:51     1.10
|  +++ pty.c    2000/12/06 15:05:31
|  @@ -87,7 +87,7 @@
|                                       *amaster = master;
|                                       *aslave = slave;
|                                       if (name)
|  -                                            strcpy(name, line);
|  +                                            strlcpy(name, line,
sizeof(name));

name is a char* passed into the function, so therefore sizeof(name) == 4

The manpage states:

    If the argument name is not NULL, openpty() copies the pathname of the
    slave pty to this area.  The caller is responsible for allocating the re-
    quired space in this array.

I think it should also mention the length required for name (ie. sizeof(line)).


-- 
  Mike Heffner     <mheffner@vt.edu>
  Blacksburg, VA         ICQ# 882073
  http://my.ispchannel.com/~mheffner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message