Source-Changes-HG archive


[src/trunk]: src/usr.bin/error Eliminate hard coded buffer sizes in fgets() s...



details:   https://anonhg.NetBSD.org/src/rev/9336117ccde1
branches:  trunk
changeset: 480501:9336117ccde1
user:      mjl <mjl%NetBSD.org@localhost>
date:      Fri Jan 14 06:53:48 2000 +0000

description:
Eliminate hard coded buffer sizes in fgets() statements, use
strlcpy() to avoid buffer overflows, increase filename buffer
to MAXPATHLEN. (from OpenBSD)

diffstat:

 usr.bin/error/filter.c |  22 ++++++++++++----------
 usr.bin/error/pi.c     |   6 +++---
 usr.bin/error/subr.c   |   6 +++---
 3 files changed, 18 insertions(+), 16 deletions(-)

diffs (121 lines):

diff -r 399f94421271 -r 9336117ccde1 usr.bin/error/filter.c
--- a/usr.bin/error/filter.c    Fri Jan 14 06:21:25 2000 +0000
+++ b/usr.bin/error/filter.c    Fri Jan 14 06:53:48 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: filter.c,v 1.5 1998/11/06 23:10:08 christos Exp $      */
+/*     $NetBSD: filter.c,v 1.6 2000/01/14 06:53:48 mjl Exp $   */
 
 /*
  * Copyright (c) 1980, 1993
@@ -38,10 +38,10 @@
 #if 0
 static char sccsid[] = "@(#)filter.c   8.1 (Berkeley) 6/6/93";
 #endif
-__RCSID("$NetBSD: filter.c,v 1.5 1998/11/06 23:10:08 christos Exp $");
+__RCSID("$NetBSD: filter.c,v 1.6 2000/01/14 06:53:48 mjl Exp $");
 #endif /* not lint */
 
-#include <sys/types.h>
+#include <sys/param.h>
 #include <pwd.h>
 #include <unistd.h>
 #include <stdio.h>
@@ -73,8 +73,8 @@
        int     i;
        FILE    *fyle;
        char    inbuffer[256];
-       int     uid;
-       char    filename[128];
+       uid_t   uid;
+       char    filename[MAXPATHLEN];
        char    *username;
        struct  passwd *passwdentry;
 
@@ -90,10 +90,10 @@
                        if ( (passwdentry = (struct passwd *)getpwnam(username)) == NULL)
                                return;
                }
-               strcpy(filename, passwdentry->pw_dir);
-               (void)strcat(filename, ERRORNAME);
+               strlcpy(filename, passwdentry->pw_dir, sizeof(filename));
+               (void)strlcat(filename, ERRORNAME, sizeof(filename));
        } else
-               (void)strcpy(filename, auxname);
+               (void)strlcpy(filename, auxname, sizeof(filename));
 #ifdef FULLDEBUG
        printf("Opening file \"%s\" to read names to ignore.\n",
                filename);
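Review bot: The return values of the new `strlcpy()`/`strlcat()` calls are discarded, so a `pw_dir` + ERRORNAME or an `auxname` that does not fit in `filename` is silently truncated, and the shortened path is what the code after this hunk presumably opens. Both functions return the length they tried to create, so truncation can be rejected with `if (strlcpy(filename, auxname, sizeof(filename)) >= sizeof(filename)) return;` and the same `>= sizeof(filename)` test on the `strlcat()` result, matching the early `return` already used when `getpwnam()` fails. The first `strlcpy()` also lacks the `(void)` cast that the other two calls carry, which is worth making consistent if the results stay ignored. The enclosing function starts before this hunk and continues after it.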
@@ -108,7 +108,8 @@
        /*
         *      Make the first pass through the file, counting lines
         */
-       for (nignored = 0; fgets(inbuffer, 255, fyle) != NULL; nignored++)
+       for (nignored = 0;
+            fgets(inbuffer, sizeof(inbuffer)-1, fyle) != NULL; nignored++)
                continue;
        names_ignored = (char **)Calloc(nignored+1, sizeof (char *));
        fclose(fyle);
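Review bot: `sizeof(inbuffer)-1` in the counting loop undersizes the read by one byte, because `fgets()` already stores at most size-1 characters and always terminates the buffer; `fgets(inbuffer, sizeof(inbuffer), fyle)` is the bound that matches the array. The second-pass loop in the next hunk uses the same expression. A line longer than the buffer still comes back in several pieces, each counted here and saved there as a separate name to ignore, so a comment such as `/* lines longer than inbuffer are split into several entries */` or an explicit check for a missing newline would document that behaviour. The enclosing function starts before this hunk and continues after it.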
@@ -120,7 +121,8 @@
                nignored = 0;
                return;
        }
-       for (i=0; i < nignored && (fgets (inbuffer, 255, fyle) != NULL); i++){
+       for (i=0; i < nignored &&
+                 (fgets (inbuffer, sizeof(inbuffer)-1, fyle) != NULL); i++){
                names_ignored[i] = strsave(inbuffer);
                (void)substitute(names_ignored[i], '\n', '\0');
        }
diff -r 399f94421271 -r 9336117ccde1 usr.bin/error/pi.c
--- a/usr.bin/error/pi.c        Fri Jan 14 06:21:25 2000 +0000
+++ b/usr.bin/error/pi.c        Fri Jan 14 06:53:48 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pi.c,v 1.6 1998/11/06 23:10:08 christos Exp $  */
+/*     $NetBSD: pi.c,v 1.7 2000/01/14 06:53:48 mjl Exp $       */
 
 /*
  * Copyright (c) 1980, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)pi.c       8.1 (Berkeley) 6/6/93";
 #endif
-__RCSID("$NetBSD: pi.c,v 1.6 1998/11/06 23:10:08 christos Exp $");
+__RCSID("$NetBSD: pi.c,v 1.7 2000/01/14 06:53:48 mjl Exp $");
 #endif /* not lint */
 
 #include <stdio.h>
@@ -248,7 +248,7 @@
                 *      Where the | is intended to be a down arrow, so that
                 *      the pi error messages can be inserted above the
                 *      line in error, instead of below.  (All of the other
-                *      languages put thier messages before the source line,
+                *      languages put their messages before the source line,
                 *      instead of after it as does pi.)
                 *
                 *      where the pointer to the error has been truncated
diff -r 399f94421271 -r 9336117ccde1 usr.bin/error/subr.c
--- a/usr.bin/error/subr.c      Fri Jan 14 06:21:25 2000 +0000
+++ b/usr.bin/error/subr.c      Fri Jan 14 06:53:48 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr.c,v 1.8 1999/05/15 19:05:13 christos Exp $        */
+/*     $NetBSD: subr.c,v 1.9 2000/01/14 06:53:48 mjl Exp $     */
 
 /*
  * Copyright (c) 1980, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)subr.c     8.1 (Berkeley) 6/6/93";
 #endif
-__RCSID("$NetBSD: subr.c,v 1.8 1999/05/15 19:05:13 christos Exp $");
+__RCSID("$NetBSD: subr.c,v 1.9 2000/01/14 06:53:48 mjl Exp $");
 #endif /* not lint */
 
 #include <ctype.h>
@@ -82,7 +82,7 @@
        int     size;
 {
        char    *back;
-       if ( (back = (char *)calloc(nelements, size)) == (char *)NULL)
+       if ( (back = (char *)calloc(nelements, size)) == NULL)
                errx(1, "Ran out of memory.");
        return(back);
 }


