Date: Tue, 5 Dec 2000 08:43:26 +0600 (NS)
From: Max Khon <fjoe@iclub.nsu.ru>
To: Will Andrews <will@physics.purdue.edu>
Cc: audit@FreeBSD.ORG
Subject: Re: usr.bin audit patch
Message-ID: <Pine.BSF.4.21.0012050838500.79263-100000@iclub.nsu.ru>
In-Reply-To: <20001204201058.W570@puck.firepipe.net>

hi, there!

On Mon, 4 Dec 2000, Will Andrews wrote:

> This is a bit of auditing I did on usr.bin (about half of it anyway).
> There's probably a lot of false positives here. Sorry for being a lame
> auditor. Feel free to enlighten me. :-)

Index: apply/apply.c =================================================================== RCS file: /cvs/FreeBSD/src/usr.bin/apply/apply.c,v retrieving revision 1.10 diff -u -r1.10 apply.c --- apply/apply.c 2000/10/16 08:11:48 1.10 +++ apply/apply.c 2000/12/05 01:00:48 @@ -124,9 +124,9 @@ nargs = 1; p = cmd; - p += sprintf(cmd, "exec %s", argv[0]); + p += snprintf(cmd, sizeof(cmd), "exec %s", argv[0]); for (i = 1; i <= nargs; i++) - p += sprintf(p, " %c%d", magic, i); + p += snprintf(p, sizeof(p), " %c%d", magic, i);

sizeof(p) == sizeof(void *) (== 4 on i386) -- it is not what you tried to achieve.

also do not use strncpy/strncat instead of strcpy/strcat. in most cases this is useless -- use strlcpy/strlcat instead

/fjoe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
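
Review bot: the bound in the loop line `p += snprintf(p, sizeof(p), " %c%d", magic, i);` is the size of the pointer `p`, not the space left in `cmd`, so each append is limited to a pointer's worth of bytes regardless of how large the buffer is. Pass the remaining length instead, for example the total size of `cmd` minus `(p - cmd)`. The declaration of `cmd` is not in the hunk; if it is a `char *` rather than an array, `sizeof(cmd)` in the first changed line has the same problem and the allocation size has to be carried in a variable. Separately, both changed lines keep `p += snprintf(...)`: snprintf returns the length it would have written, so after a truncation `p` moves past the terminating NUL and possibly past the end of the buffer. Compare the return value with the remaining size before advancing `p`.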
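
The bounded append that the reply above points toward, as an added example that is not part of the original message or of apply.c. The names `cursor`, `cursor_printf` and `build_cmd` are hypothetical, and it uses vsnprintf with an explicit remaining-length counter rather than strlcpy/strlcat:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper type: write position plus the space still free,
 * so the bound never comes from sizeof applied to a pointer. */
struct cursor {
    char  *pos;   /* next byte to write */
    size_t left;  /* bytes free at pos, including room for the NUL */
};

/* Append formatted text; 0 on success, -1 on error or truncation.
 * On failure the cursor stays put and the partial write is cut off. */
static int cursor_printf(struct cursor *c, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(c->pos, c->left, fmt, ap);
    va_end(ap);
    /* n is the length vsnprintf wanted, which may exceed c->left. */
    if (n < 0 || (size_t)n >= c->left) {
        if (c->left > 0)
            *c->pos = '\0';
        return -1;
    }
    c->pos += n;
    c->left -= (size_t)n;
    return 0;
}

/* Build "exec <prog> <magic>1 ... <magic>nargs" in buf.
 * Returns the string length, or -1 if it does not fit in bufsz bytes. */
int build_cmd(char *buf, size_t bufsz, const char *prog, char magic, int nargs)
{
    struct cursor c = { buf, bufsz };
    if (cursor_printf(&c, "exec %s", prog) != 0)
        return -1;
    for (int i = 1; i <= nargs; i++)
        if (cursor_printf(&c, " %c%d", magic, i) != 0)
            return -1;
    return (int)(c.pos - buf);
}

int main(void)
{
    char cmd[16];  /* constructed sample size: exact fit for the string below */
    printf("%d %s\n", build_cmd(cmd, sizeof(cmd), "echo", '%', 2), cmd);
}
```

The caller passes the buffer size explicitly, so the same code is correct whether the buffer is an array or comes from malloc.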