Date: Sat, 05 Aug 2000 22:02:48 -0400 (EDT)
From: Mike Heffner <mheffner@mailandnews.com>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: audit@freebsd.org
Subject: Re: libftpio patch
Message-ID: <XFMail.20000805220248.mheffner@mailandnews.com>
In-Reply-To: <Pine.BSF.4.21.0008040216510.95142-100000@hub.freebsd.org>
On 04-Aug-2000 Kris Kennaway wrote:
<snip>
| if (strncmp("ftp://", url_in, 6) != 0)
| return FAILURE;
| /* We like to stomp a lot on the URL string in dissecting it, so copy
| it first */
| - strncpy(url, url_in, BUFSIZ);
| + if (strlcpy(url, url_in, BUFSIZ) >= BUFSIZ)
| + return FAILURE;
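Review bot: the strlcpy() call on the added line hard-codes BUFSIZ as the bound, and the declaration of url is not part of this hunk, so the limit is only correct if url is at least BUFSIZ bytes. If url is an array, use strlcpy(url, url_in, sizeof(url)) >= sizeof(url) so the bound follows the buffer, and extend the existing comment to say that an over-long URL is now rejected rather than silently truncated.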
Just to be nit-picky, should this be sizeof(url) to remain consistent with your
other changes?
<snip>
| @@ -703,7 +707,7 @@
|
| va_list ap;
| va_start(ap, fmt);
| - (void)vsnprintf(p, sizeof p, fmt, ap);
| + (void)vsnprintf(p, sizeof p - 3, fmt, ap);
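Review bot: the constant in "sizeof p - 3" on the added line is unexplained, and the (void) cast still discards vsnprintf()'s return value, so a truncated string goes through unnoticed. Add a comment naming the bytes that are reserved after the formatted text, and compare the return value with the size passed so that truncation becomes an error. Note also that sizeof p is the buffer size only if p is an array, which this hunk does not show.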
Assuming the "\r\n" is all you strcat() on to p, this only needs to be - 2
--
Mike Heffner <spock@techfour.net>
Fredericksburg, VA ICQ# 882073
http://my.ispchannel.com/~mheffner
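
The size arithmetic discussed in the second comment, worked through as an added example (not libftpio code and not from either author). The helper name fmt_crlf and the 8-byte buffer are assumptions chosen so the boundary case is easy to see.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not libftpio code): format a command into buf and
 * terminate it with "\r\n". Returns the final string length, or -1 if the
 * formatted text plus CRLF would not fit in bufsz bytes.
 */
static int
fmt_crlf(char *buf, size_t bufsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (bufsz < 3)              /* need room for "\r\n" and the NUL */
        return -1;

    /*
     * vsnprintf() writes at most size - 1 characters plus the NUL, so a
     * size of bufsz - 2 leaves exactly two spare bytes for the CRLF.
     */
    va_start(ap, fmt);
    n = vsnprintf(buf, bufsz - 2, fmt, ap);
    va_end(ap);

    /* n is the untruncated length; n >= size means output was cut short. */
    if (n < 0 || (size_t)n >= bufsz - 2)
        return -1;

    memcpy(buf + n, "\r\n", 3); /* copies '\r', '\n' and the NUL */
    return n + 2;
}

int
main(void)
{
    char p[8];                  /* constructed size, small on purpose */

    printf("%d\n", fmt_crlf(p, sizeof p, "%s", "ABCDE"));   /* fits */
    printf("%d\n", fmt_crlf(p, sizeof p, "%s", "ABCDEF"));  /* rejected */
    return 0;
}
```

With an 8-byte buffer the longest accepted text is 5 characters, which with the CRLF and the NUL fills the buffer exactly.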
