Date: Mon, 09 Oct 2000 08:29:12 +0200 From: Mark Murray <mark@grondar.za> To: Kris Kennaway <kris@citusc.usc.edu> Cc: audit@FreeBSD.ORG Subject: Re: mrouted cleanup Message-ID: <200010090629.e996TCG01044@grimreaper.grondar.za> In-Reply-To: <20001007232005.A18332@citusc17.usc.edu> ; from Kris Kennaway <kris@citusc.usc.edu> "Sat, 07 Oct 2000 23:20:05 MST." References: <20001007232005.A18332@citusc17.usc.edu>
> Please review..
Looks good!
M
> Kris
>
> Index: cfparse.y
> ===================================================================
> RCS file: /usr2/ncvs/src/usr.sbin/mrouted/cfparse.y,v
> retrieving revision 1.10
> diff -u -r1.10 cfparse.y
> --- cfparse.y 1999/08/28 01:17:03 1.10
> +++ cfparse.y 2000/10/08 06:15:33
> @@ -286,7 +286,7 @@
> }
>
> boundlist[numbounds].name = malloc(strlen
($2) + 1);
> - strcpy(boundlist[numbounds].name, $2);
> + strlcpy(boundlist[numbounds].name, $2, si
zeof(boundlist[numbounds].name));
> boundlist[numbounds++].bound = $3;
> }
> | SYSNAM STRING {
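Review bot: `sizeof(boundlist[numbounds].name)` in the added strlcpy() call is the size of a pointer, not of the buffer, because the line above assigns `name` from `malloc(strlen($2) + 1)` and so it cannot be an array. The copy is capped at `sizeof(char *) - 1` characters, so a longer boundary name is silently truncated where the old strcpy() copied it whole. Pass the allocated length instead, for example `size_t len = strlen($2) + 1;` followed by `strlcpy(boundlist[numbounds].name, $2, len);`, and check the malloc() result before copying, since the visible lines use it unchecked. The mtrace.c hunk at -1776 has the same problem with `sizeof(names[i-1])`, which is also assigned from malloc() one line earlier. The enclosing grammar action starts outside this hunk.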
> @@ -658,7 +658,7 @@
> fatal(char *fmt, ...)
> {
> va_list ap;
> - char buf[200];
> + char buf[MAXHOSTNAMELEN + 100];
>
> va_start(ap, fmt);
> #else
> @@ -669,11 +669,11 @@
> va_dcl
> {
> va_list ap;
> - char buf[200];
> + char buf[MAXHOSTNAMELEN + 100];
>
> va_start(ap);
> #endif
> - vsprintf(buf, fmt, ap);
> + vsnprintf(buf, sizeof(buf), fmt, ap);
> va_end(ap);
>
> log(LOG_ERR,0,"%s: %s near line %d", configfilename, buf, lineno);
> @@ -699,7 +699,7 @@
>
> va_start(ap);
> #endif
> - vsprintf(buf, fmt, ap);
> + vsnprintf(buf, sizeof(buf), fmt, ap);
> va_end(ap);
>
> log(LOG_WARNING,0,"%s: %s near line %d", configfilename, buf, lineno);
> Index: main.c
> ===================================================================
> RCS file: /usr2/ncvs/src/usr.sbin/mrouted/main.c,v
> retrieving revision 1.17
> diff -u -r1.17 main.c
> --- main.c 2000/03/26 14:44:32 1.17
> +++ main.c 2000/10/08 06:13:40
> @@ -267,7 +267,7 @@
> #ifdef SYSV
> srand48(time(NULL));
> #else
> - srandom(gethostid());
> + srandomdev();
> #endif
>
> /*
> @@ -966,7 +966,7 @@
>
> va_start(ap);
> #endif
> - vsprintf(&fmt[10], format, ap);
> + vsnprintf(&fmt[10], sizeof(fmt) - 10, format, ap);
> va_end(ap);
> msg = (severity == LOG_WARNING) ? fmt : &fmt[10];
>
> @@ -987,7 +987,7 @@
> gettimeofday(&now,NULL);
> now_sec = now.tv_sec;
> thyme = localtime(&now_sec);
> - sprintf(logmsg[logmsgno++], "%02d:%02d:%02d.%03ld %s err %d",
> + snprintf(logmsg[logmsgno++], LOGMSGSIZE, "%02d:%02d:%02d.%03ld %s err %d
",
> thyme->tm_hour, thyme->tm_min, thyme->tm_sec,
> now.tv_usec / 1000, msg, syserr);
> logmsgno %= NLOGMSGS;
> Index: mtrace.c
> ===================================================================
> RCS file: /usr2/ncvs/src/usr.sbin/mrouted/mtrace.c,v
> retrieving revision 1.18
> diff -u -r1.18 mtrace.c
> --- mtrace.c 2000/03/26 14:44:34 1.18
> +++ mtrace.c 2000/10/08 06:13:58
> @@ -1263,7 +1263,7 @@
> #ifdef SYSV
> TR_SETQID(query->tr_rttlqid, ((u_int32)lrand48() >> 8));
> #else
> - TR_SETQID(query->tr_rttlqid, ((u_int32)random() >> 8));
> + TR_SETQID(query->tr_rttlqid, ((u_int32)arc4random() >> 8));
> #endif
>
> /*
> @@ -1776,7 +1776,7 @@
> if (names[i-1])
> free(names[i-1]);
> names[i-1]=malloc(strlen(name) + 1);
> - strcpy(names[i-1], name);
> + strlcpy(names[i-1], name, sizeof(names[i-1]));
> }
> }
>
> @@ -2746,7 +2746,7 @@
> #ifdef SYSV
> srand48(seed);
> #else
> - srandom(seed);
> + srandomdev();
> #endif
>
> /*
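Review bot: With `srandomdev();` replacing `srandom(seed);`, the `seed` value is now consumed only on the SYSV path via `srand48(seed)`. Whatever computes `seed` lies outside this hunk and is now dead work on non-SYSV builds. I would either wrap that computation in the same `#ifdef SYSV` or add a comment at this call such as `/* seed is only used for srand48(); srandomdev() seeds from the kernel's random device */`. It is also worth confirming whether random() is still called anywhere in mtrace.c once the query ID comes from arc4random(), since otherwise this seeding call may no longer be needed at all.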
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-audit" in the body of the message
>
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
