From c83b145bce9ead5008064c710c17bf66915cda88 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Fri, 23 Jun 2000 22:43:59 +0000 Subject: [PATCH] merge from krb5-1-2-beta4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12426 dc483132-0cff-0310-8789-dd5450dbe970 --- src/util/db2/ChangeLog | 4 ++++ src/util/db2/hash/dbm.c | 5 +++-- src/util/et/ChangeLog | 10 ++++++++++ src/util/et/com_err.c | 11 +++++++---- src/util/pty/ChangeLog | 5 +++++ src/util/pty/configure.in | 2 +- src/util/ss/ChangeLog | 8 ++++++++ src/util/ss/help.c | 14 ++++++++------ src/util/ss/list_rqs.c | 13 +++++++------ src/util/ss/mk_cmds.c | 5 +++-- src/util/ss/utils.c | 11 +++++------ 11 files changed, 61 insertions(+), 27 deletions(-) diff --git a/src/util/db2/ChangeLog b/src/util/db2/ChangeLog index 7972728d6..9ce240aec 100644 --- a/src/util/db2/ChangeLog +++ b/src/util/db2/ChangeLog @@ -1,3 +1,7 @@ +2000-05-01 Nalin Dahyabhai + + * hash/dbm.c (kdb2_dbm_open): Don't overflow buffer "path". + 1999-08-15 Tom Yu * README.NOT.SLEEPYCAT.DB: New file; pointer to README to diff --git a/src/util/db2/hash/dbm.c b/src/util/db2/hash/dbm.c index 50921de84..aa9676632 100644 --- a/src/util/db2/hash/dbm.c +++ b/src/util/db2/hash/dbm.c @@ -168,8 +168,9 @@ kdb2_dbm_open(file, flags, mode) info.cachesize = 0; info.hash = NULL; info.lorder = 0; - (void)strcpy(path, file); - (void)strcat(path, DBM_SUFFIX); + (void)strncpy(path, file, sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; + (void)strncat(path, DBM_SUFFIX, sizeof(path) - 1 - strlen(path)); return ((DBM *)__hash_open(path, flags, mode, &info, 0)); } diff --git a/src/util/et/ChangeLog b/src/util/et/ChangeLog index 6202dd2db..e0f979369 100644 --- a/src/util/et/ChangeLog +++ b/src/util/et/ChangeLog @@ -1,3 +1,13 @@ +2000-05-07 Miro Jurisic + + * com_err.c (default_com_err_proc): use strncpy + where strncpy was meant (typo in Nalin's patch) + +2000-05-01 Nalin Dahyabhai + + * com_err.c (default_com_err_proc) [_MSDOS || _WIN32 || + macintosh]: Don't overflow buffer "errbuf". + 2000-02-23 Ken Raeburn * Makefile.in (com_err.o): Depends on com_err.c. diff --git a/src/util/et/com_err.c b/src/util/et/com_err.c index 31da130db..7bb081048 100644 --- a/src/util/et/com_err.c +++ b/src/util/et/com_err.c @@ -50,15 +50,18 @@ static void default_com_err_proc(whoami, code, fmt, ap) char errbuf[1024] = ""; if (whoami) { - strcat (errbuf, whoami); - strcat (errbuf, ": "); + errbuf[sizeof(errbuf) - 1] = '\0'; + strncat (errbuf, whoami, sizeof(errbuf) - 1 - strlen(errbuf)); + strncat (errbuf, ": ", sizeof(errbuf) - 1 - strlen(errbuf)); } if (code) { - strcat (errbuf, error_message(code)); - strcat (errbuf, " "); + errbuf[sizeof(errbuf) - 1] = '\0'; + strncat (errbuf, error_message(code), sizeof(errbuf) - 1 - strlen(errbuf)); + strncat (errbuf, " ", sizeof(errbuf) - 1 - strlen(errbuf)); } if (fmt) vsprintf (errbuf + strlen (errbuf), fmt, ap); + errbuf[sizeof(errbuf) - 1] = '\0'; #ifdef macintosh MacMessageBox(errbuf); diff --git a/src/util/pty/ChangeLog b/src/util/pty/ChangeLog index 4a3fb97fb..de572707b 100644 --- a/src/util/pty/ChangeLog +++ b/src/util/pty/ChangeLog @@ -1,3 +1,8 @@ +1999-10-26 Tom Yu + + * configure.in: Check for alpha*-dec-osf* instead of + alpha-dec-osf*. + 1999-10-26 Wilfredo Sanchez * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, diff --git a/src/util/pty/configure.in b/src/util/pty/configure.in index 398b1827f..58ceb8369 100644 --- a/src/util/pty/configure.in +++ b/src/util/pty/configure.in @@ -30,7 +30,7 @@ ac_cv_func_setsid=no # setsid doesn't do the right thing under Ultrix even thoug # Moreover, strops.h trashes sys/ioctl.h krb5_cv_has_streams=no ;; -alpha-dec-osf*) +alpha*-dec-osf*) AC_CHECK_LIB(security,main, AC_DEFINE(HAVE_SETLUID) LOGINLIBS="$LOGINLIBS -lsecurity" diff --git a/src/util/ss/ChangeLog b/src/util/ss/ChangeLog index 0b209c38d..475549aaf 100644 --- a/src/util/ss/ChangeLog +++ b/src/util/ss/ChangeLog @@ -1,3 +1,11 @@ +2000-05-01 Nalin Dahyabhai + + * help.c (ss_help): Don't overflow buffers "buffer" or "buf". + * list_rqs.c (ss_list_requests): Don't overflow buffer "buffer". + * mk_cmds.c (main): Don't overflow buffer "c_file". + * utils.c (generate_rqte): Update lengths of constant strings in + computing buffer size. + 2000-02-01 Ken Raeburn * listen.c (ss_listen): Local var END should be volatile. diff --git a/src/util/ss/help.c b/src/util/ss/help.c index e09b77715..3c9cbec51 100644 --- a/src/util/ss/help.c +++ b/src/util/ss/help.c @@ -53,16 +53,18 @@ void ss_help (argc, argv, sci_idx, info_ptr) return; } for (idx = 0; info->info_dirs[idx] != (char *)NULL; idx++) { - (void) strcpy(buffer, info->info_dirs[idx]); - (void) strcat(buffer, "/"); - (void) strcat(buffer, argv[1]); - (void) strcat(buffer, ".info"); + (void) strncpy(buffer, info->info_dirs[idx], sizeof(buffer) - 1); + buffer[sizeof(buffer) - 1] = '\0'; + (void) strncat(buffer, "/", sizeof(buffer) - 1 - strlen(buffer)); + (void) strncat(buffer, argv[1], sizeof(buffer) - 1 - strlen(buffer)); + (void) strncat(buffer, ".info", sizeof(buffer) - 1 - strlen(buffer)); if ((fd = open(&buffer[0], O_RDONLY)) >= 0) goto got_it; } if ((fd = open(&buffer[0], O_RDONLY)) < 0) { char buf[MAXPATHLEN]; - strcpy(buf, "No info found for "); - strcat(buf, argv[1]); + strncpy(buf, "No info found for ", sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; + strncat(buf, argv[1], sizeof(buf) - 1 - strlen(buf)); ss_perror(sci_idx, 0, buf); return; } diff --git a/src/util/ss/list_rqs.c b/src/util/ss/list_rqs.c index cf2c9312f..045a0c82b 100644 --- a/src/util/ss/list_rqs.c +++ b/src/util/ss/list_rqs.c @@ -87,23 +87,24 @@ ss_list_requests(argc, argv, sci_idx, info_ptr) buffer[0] = '\0'; if (entry->flags & SS_OPT_DONT_LIST) continue; + buffer[sizeof(buffer) - 1] = '\0'; for (name = entry->command_names; *name; name++) { register int len = strlen(*name); - strncat(buffer, *name, len); + strncat(buffer, *name, sizeof(buffer) - 1 - strlen(buffer)); spacing += len + 2; if (name[1]) { - strcat(buffer, ", "); + strncat(buffer, ", ", sizeof(buffer) - 1 - strlen(buffer)); } } if (spacing > 23) { - strcat(buffer, NL); + strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer)); fputs(buffer, output); spacing = 0; buffer[0] = '\0'; } - strncat(buffer, twentyfive_spaces, 25-spacing); - strcat(buffer, entry->info_string); - strcat(buffer, NL); + strncat(buffer, twentyfive_spaces, sizeof(buffer) - 1 - (25-spacing)); + strncpy(buffer + 25, entry->info_string, sizeof(buffer) - 1 - 25); + strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer)); fputs(buffer, output); } } diff --git a/src/util/ss/mk_cmds.c b/src/util/ss/mk_cmds.c index 0bcd77061..bba5edd2f 100644 --- a/src/util/ss/mk_cmds.c +++ b/src/util/ss/mk_cmds.c @@ -62,8 +62,9 @@ int main(argc, argv) p = strrchr(path, '.'); *p = '\0'; q = rindex(path, '/'); - strcpy(c_file, (q) ? q + 1 : path); - strcat(c_file, ".c"); + strncpy(c_file, (q) ? q + 1 : path, sizeof(c_file) - 1); + c_file[sizeof(c_file) - 1] = '\0'; + strncat(c_file, ".c", sizeof(c_file) - 1 - strlen(c_file)); *p = '.'; output_file = fopen(c_file, "w+"); diff --git a/src/util/ss/utils.c b/src/util/ss/utils.c index 9698e7043..c57800157 100644 --- a/src/util/ss/utils.c +++ b/src/util/ss/utils.c @@ -61,13 +61,12 @@ char * generate_rqte(func_name, info_string, cmds, options) var_name = generate_cmds_string(cmds); generate_function_definition(func_name); size = 6; /* " { " */ - size += strlen(var_name)+7; /* "quux, " */ - size += strlen(func_name)+7; /* "foo, " */ - size += strlen(info_string)+9; /* "\"Info!\", " */ + size += strlen(var_name)+8; /* "quux, " */ + size += strlen(func_name)+8; /* "foo, " */ + size += strlen(info_string)+8; /* "\"Info!\", " */ sprintf(numbuf, "%d", options); - size += strlen(numbuf); - size += 4; /* " }," + NL */ - string = malloc(size * sizeof(char *)); + size += strlen(numbuf)+5; /* " }," + NL + NUL */ + string = malloc(size); strcpy(string, " { "); strcat(string, var_name); strcat(string, ",\n "); -- 2.26.2