Date:      Tue, 5 Dec 2000 08:43:26 +0600 (NS)
From:      Max Khon <fjoe@iclub.nsu.ru>
To:        Will Andrews <will@physics.purdue.edu>
Cc:        audit@FreeBSD.ORG
Subject:   Re: usr.bin audit patch
Message-ID:  <Pine.BSF.4.21.0012050838500.79263-100000@iclub.nsu.ru>
In-Reply-To: <20001204201058.W570@puck.firepipe.net>

hi, there!

On Mon, 4 Dec 2000, Will Andrews wrote:

> This is a bit of auditing I did on usr.bin (about half of it anyway).
> There's probably a lot of false positives here.  Sorry for being a lame
> auditer.  Feel free to enlighten me.  :-)

Index: apply/apply.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/apply/apply.c,v
retrieving revision 1.10
diff -u -r1.10 apply.c
--- apply/apply.c	2000/10/16 08:11:48	1.10
+++ apply/apply.c	2000/12/05 01:00:48
@@ -124,9 +124,9 @@
 			nargs = 1;
 
 		p = cmd;
-		p += sprintf(cmd, "exec %s", argv[0]);
+		p += snprintf(cmd, sizeof(cmd), "exec %s", argv[0]);
 		for (i = 1; i <= nargs; i++)
-			p += sprintf(p, " %c%d", magic, i);
+			p += snprintf(p, sizeof(p), " %c%d", magic, i);
 
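Review bot: both changed lines keep the `p += snprintf(...)` accumulation, which is unsafe once output is truncated, because snprintf returns the length the whole output would have needed rather than the bytes actually written, so `p` can be advanced past the end of `cmd` and the next call writes out of bounds; the second changed line additionally passes `sizeof(p)`, the size of the pointer itself, not the remaining space in the buffer. Compute the remaining room from the array, e.g. `sizeof(cmd) - (p - cmd)`, check the return value against that room before advancing, and stop (or report an error) when it is reached.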
sizeof(p) == sizeof(void *) (== 4 on i386) -- it is not what you tried to
achieve. Also do not use strncpy/strncat instead of strcpy/strcat. In most
cases this is useless -- use strlcpy/strlcat instead.

/fjoe
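To make the two points in the reply concrete, here is an added example (not code from apply.c or from anyone in this thread) that builds the same "exec CMD %1 %2 ..." string. The function names build_cmd and buffer_size_seen_via are hypothetical. build_cmd measures the room left in the array after every write, instead of sizeof on the cursor pointer, and keeps a logical length so the caller can tell the result was truncated; buffer_size_seen_via shows why sizeof(p) is the wrong number.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical helper (not apply.c's code): build "exec CMD %1 %2 ... %N"
 * into dst, which holds dstsz bytes. Unlike "p += snprintf(p, sizeof(p), ...)",
 * it measures the space left in the *array* after each write and, once the
 * buffer is full, only counts what would have been written. Returns the
 * length the full string needs (excluding the NUL), snprintf-style, so a
 * result >= dstsz tells the caller the output was truncated. */
size_t build_cmd(char *dst, size_t dstsz, const char *cmd, char magic, int nargs)
{
    size_t len;
    int n, i;

    if (dstsz == 0)
        return (size_t)-1;

    n = snprintf(dst, dstsz, "exec %s", cmd);
    if (n < 0)
        return (size_t)-1; /* encoding error */
    len = (size_t)n;

    for (i = 1; i <= nargs; i++) {
        /* Remaining room in the array, not sizeof(p): a pointer's size is
         * fixed (4 bytes on i386, 8 on amd64) regardless of the buffer.
         * Once len >= dstsz we pass NULL/0 so snprintf only measures. */
        char *at = (len < dstsz) ? dst + len : NULL;
        size_t room = (len < dstsz) ? dstsz - len : 0;

        n = snprintf(at, room, " %c%d", magic, i);
        if (n < 0)
            return (size_t)-1;
        len += (size_t)n; /* logical length; may exceed dstsz */
    }
    return len;
}

/* Illustrates the mistake in the patch: sizeof on the cursor pointer yields
 * the pointer's own size, not the size of the array it points into. */
size_t buffer_size_seen_via(int through_pointer)
{
    char cmd[64];
    char *p = cmd;

    return through_pointer ? sizeof(p) : sizeof(cmd);
}

int main(void)
{
    char cmd[32];
    size_t need = build_cmd(cmd, sizeof(cmd), "ls", '%', 2);

    printf("%s (needed %zu bytes, truncated: %s)\n", cmd, need,
           need >= sizeof(cmd) ? "yes" : "no");
    printf("sizeof(cmd)=%zu sizeof(p)=%zu\n",
           buffer_size_seen_via(0), buffer_size_seen_via(1));
    return 0;
}
```

With a 32-byte buffer the command fits and build_cmd returns 13; with a 10-byte buffer it returns the same 13 while leaving a NUL-terminated "exec ls %" in the buffer, which is the signal a caller should check for before using the string. Returning the needed length rather than silently clamping is the same contract snprintf and strlcat offer, which is why the reply recommends them over strncpy/strncat.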
