[src/trunk]: src/usr.sbin/pppd avoid possible buffer overrun

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/usr.sbin/pppd avoid possible buffer overrun
From: itojun <itojun%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 13:06:56 +0000

details:   https://anonhg.NetBSD.org/src/rev/4a8ba45aa4c3
branches:  trunk
changeset: 547295:4a8ba45aa4c3
user:      itojun <itojun%NetBSD.org@localhost>
date:      Fri May 16 18:15:34 2003 +0000

description:
avoid possible buffer overrun

diffstat:

 usr.sbin/pppd/chat/chat.c    |  16 +++++++++-------
 usr.sbin/pppd/pppd/auth.c    |   6 +++---
 usr.sbin/pppd/pppd/ipv6cp.c  |  13 +++++++------
 usr.sbin/pppd/pppd/options.c |   6 +++---
 usr.sbin/pppd/pppd/utils.c   |   7 ++++---
 5 files changed, 26 insertions(+), 22 deletions(-)

diffs (183 lines):

diff -r 120d2123650b -r 4a8ba45aa4c3 usr.sbin/pppd/chat/chat.c
--- a/usr.sbin/pppd/chat/chat.c Fri May 16 18:10:37 2003 +0000
+++ b/usr.sbin/pppd/chat/chat.c Fri May 16 18:15:34 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: chat.c,v 1.26 2002/12/06 15:17:18 thorpej Exp $        */
+/*     $NetBSD: chat.c,v 1.27 2003/05/16 18:15:34 itojun Exp $ */
 
 /*
  *     Chat -- a program for automatic session establishment (i.e. dial
@@ -93,7 +93,7 @@
 #if 0
 static const char rcsid[] = "Id: chat.c,v 1.26 1999/12/23 01:39:54 paulus Exp ";
 #else
-__RCSID("$NetBSD: chat.c,v 1.26 2002/12/06 15:17:18 thorpej Exp $");
+__RCSID("$NetBSD: chat.c,v 1.27 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif
 
@@ -988,11 +988,11 @@
     c &= 0x7F;
 
     if (c < 32)
-       sprintf(string, "%s^%c", meta, (int)c + '@');
+       snprintf(string, sizeof(string), "%s^%c", meta, (int)c + '@');
     else if (c == 127)
-       sprintf(string, "%s^?", meta);
+       snprintf(string, sizeof(string), "%s^?", meta);
     else
-       sprintf(string, "%s%c", meta, c);
+       snprintf(string, sizeof(string), "%s%c", meta, c);
 
     return (string);
 }
@@ -1410,7 +1410,8 @@
                    struct tm* tm_now = localtime (&time_now);
 
                    strftime (report_buffer, 20, "%b %d %H:%M:%S ", tm_now);
-                   strcat (report_buffer, report_string[n]);
+                   strlcat(report_buffer, report_string[n],
+                     sizeof(report_buffer));
 
                    report_string[n] = (char *) NULL;
                    report_gathering = 1;
@@ -1456,7 +1457,8 @@
                alarm(0);
                alarmed = 0;
                exit_code = n + 4;
-               strcpy(fail_reason = fail_buffer, abort_string[n]);
+               strlcpy(fail_buffer, abort_string[n], sizeof(fail_buffer));
+               fail_reason = fail_buffer;
                return (0);
            }
        }
diff -r 120d2123650b -r 4a8ba45aa4c3 usr.sbin/pppd/pppd/auth.c
--- a/usr.sbin/pppd/pppd/auth.c Fri May 16 18:10:37 2003 +0000
+++ b/usr.sbin/pppd/pppd/auth.c Fri May 16 18:15:34 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: auth.c,v 1.33 2002/09/13 14:32:12 itojun Exp $ */
+/*     $NetBSD: auth.c,v 1.34 2003/05/16 18:15:34 itojun Exp $ */
 
 /*
  * auth.c - PPP authentication and phase control.
@@ -78,7 +78,7 @@
 #if 0
 #define RCSID  "Id: auth.c,v 1.69 2001/03/12 22:50:01 paulus Exp "
 #else
-__RCSID("$NetBSD: auth.c,v 1.33 2002/09/13 14:32:12 itojun Exp $");
+__RCSID("$NetBSD: auth.c,v 1.34 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif
 
@@ -1878,7 +1878,7 @@
            if (ap == NULL)
                novm("authorized addresses");
            ap->word = (char *) (ap + 1);
-           strcpy(ap->word, word);
+           strlcpy(ap->word, word, strlen(word) + 1);
            *app = ap;
            app = &ap->next;
        }
diff -r 120d2123650b -r 4a8ba45aa4c3 usr.sbin/pppd/pppd/ipv6cp.c
--- a/usr.sbin/pppd/pppd/ipv6cp.c       Fri May 16 18:10:37 2003 +0000
+++ b/usr.sbin/pppd/pppd/ipv6cp.c       Fri May 16 18:15:34 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipv6cp.c,v 1.10 2002/05/29 19:06:32 christos Exp $     */
+/*     $NetBSD: ipv6cp.c,v 1.11 2003/05/16 18:15:34 itojun Exp $       */
 
 /*
     ipv6cp.c - PPP IPV6 Control Protocol.
@@ -100,7 +100,7 @@
 #if 0
 #define RCSID  "Id: ipv6cp.c,v 1.15 2001/03/22 00:42:33 paulus Exp "
 #else
-__RCSID("$NetBSD: ipv6cp.c,v 1.10 2002/05/29 19:06:32 christos Exp $");
+__RCSID("$NetBSD: ipv6cp.c,v 1.11 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif
 
@@ -371,7 +371,7 @@
 {
     static char b[64];
 
-    sprintf(b, "fe80::%s", eui64_ntoa(ifaceid));
+    snprintf(b, sizeof(b), "fe80::%s", eui64_ntoa(ifaceid));
     return b;
 }
 
@@ -1373,9 +1373,10 @@
     char strspeed[32], strlocal[32], strremote[32];
     char *argv[8];
 
-    sprintf(strspeed, "%d", baud_rate);
-    strcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid));
-    strcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid));
+    snprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
+    strlcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid), sizeof(strlocal));
+    strlcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid),
+      sizeof(strremote));
 
     argv[0] = script;
     argv[1] = ifname;
diff -r 120d2123650b -r 4a8ba45aa4c3 usr.sbin/pppd/pppd/options.c
--- a/usr.sbin/pppd/pppd/options.c      Fri May 16 18:10:37 2003 +0000
+++ b/usr.sbin/pppd/pppd/options.c      Fri May 16 18:15:34 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: options.c,v 1.38 2002/07/06 18:21:43 itojun Exp $      */
+/*     $NetBSD: options.c,v 1.39 2003/05/16 18:15:34 itojun Exp $      */
 
 /*
  * options.c - handles option processing for PPP.
@@ -47,7 +47,7 @@
 #if 0
 #define RCSID  "Id: options.c,v 1.80 2001/03/12 22:56:12 paulus Exp "
 #else
-__RCSID("$NetBSD: options.c,v 1.38 2002/07/06 18:21:43 itojun Exp $");
+__RCSID("$NetBSD: options.c,v 1.39 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif
 
@@ -758,7 +758,7 @@
 
            ovp = malloc(sizeof(*ovp) + strlen(*argv));
            if (ovp != 0) {
-               strcpy(ovp->value, *argv);
+               strlcpy(ovp->value, *argv, sizeof(ovp->value));
                ovp->source = option_source;
                ovp->next = NULL;
                pp = (struct option_value **) &opt->addr2;
diff -r 120d2123650b -r 4a8ba45aa4c3 usr.sbin/pppd/pppd/utils.c
--- a/usr.sbin/pppd/pppd/utils.c        Fri May 16 18:10:37 2003 +0000
+++ b/usr.sbin/pppd/pppd/utils.c        Fri May 16 18:15:34 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: utils.c,v 1.9 2002/09/13 14:32:13 itojun Exp $ */
+/*     $NetBSD: utils.c,v 1.10 2003/05/16 18:15:34 itojun Exp $        */
 
 /*
  * utils.c - various utility functions used in pppd.
@@ -40,7 +40,7 @@
 #if 0
 #define RCSID  "Id: utils.c,v 1.13 2001/03/16 02:08:13 paulus Exp "
 #else
-__RCSID("$NetBSD: utils.c,v 1.9 2002/09/13 14:32:13 itojun Exp $");
+__RCSID("$NetBSD: utils.c,v 1.10 2003/05/16 18:15:34 itojun Exp $");
 #endif
 #endif
 
@@ -88,6 +88,7 @@
     int len;
 };
 
+#if 0
 /*
  * strlcpy - like strcpy/strncpy, doesn't overflow destination buffer,
  * always leaves destination null-terminated (for len > 0).
@@ -125,7 +126,7 @@
 
     return dlen + strlcpy(dest + dlen, src, (len > dlen? len - dlen: 0));
 }
-
+#endif
 
 /*
  * slprintf - format a message into a buffer.  Like sprintf except we

Prev by Date: [src/trunk]: src/sys/netinet6 backout previous. (sys/net/if.c fixed)
Next by Date: [src/trunk]: src/distrib/utils/sysinst Add missing messages (need translating)
Previous by Thread: [src/trunk]: src/sys/netinet6 backout previous. (sys/net/if.c fixed)
Next by Thread: [src/trunk]: src/distrib/utils/sysinst Add missing messages (need translating)
Indexes:

Home | Main Index | Thread Index | Old Index