[src/trunk]: src/usr.bin/checknr v1.14 from OpenBSD (jaredy):

[wiz <wiz%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d79c5a53e7af
branches:  trunk
changeset: 579880:d79c5a53e7af
user:      wiz <wiz%NetBSD.org@localhost>
date:      Wed Mar 30 14:18:41 2005 +0000

description:
v1.14 from OpenBSD (jaredy):
 - fix overflow when too many -a arguments are given
 - properly NUL-terminate -a arguments when copying
 - check strdup for error failure

diffstat:

 usr.bin/checknr/checknr.c |  22 +++++++++++++---------
 1 files changed, 13 insertions(+), 9 deletions(-)

diffs (57 lines):

diff -r 8f7b74ee8d1a -r d79c5a53e7af usr.bin/checknr/checknr.c
--- a/usr.bin/checknr/checknr.c Wed Mar 30 13:15:13 2005 +0000
+++ b/usr.bin/checknr/checknr.c Wed Mar 30 14:18:41 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: checknr.c,v 1.15 2005/02/02 17:14:29 wiz Exp $ */
+/*     $NetBSD: checknr.c,v 1.16 2005/03/30 14:18:41 wiz Exp $ */
 
 /*
  * Copyright (c) 1980, 1993
@@ -39,7 +39,7 @@
 #if 0
 static char sccsid[] = "@(#)checknr.c  8.1 (Berkeley) 6/6/93";
 #else 
-__RCSID("$NetBSD: checknr.c,v 1.15 2005/02/02 17:14:29 wiz Exp $");
+__RCSID("$NetBSD: checknr.c,v 1.16 2005/03/30 14:18:41 wiz Exp $");
 #endif
 #endif /* not lint */
 
@@ -138,7 +138,7 @@
        {"TS",  "TE"},
        /* Refer */
        {"[",   "]"},
-       {0,     0},
+       {0,     0}
 };
 
 /*
@@ -235,10 +235,14 @@
                        for (i=0; br[i].opbr; i++)
                                ;
                        for (cp=argv[1]+3; cp[-1]; cp += 6) {
-                               br[i].opbr = malloc(3);
-                               strncpy(br[i].opbr, cp, 2);
-                               br[i].clbr = malloc(3);
-                               strncpy(br[i].clbr, cp+3, 2);
+                               if (i >= MAXBR)
+                                       errx(1, "too many pairs");
+                               if ((br[i].opbr = malloc(3)) == NULL)
+                                       err(1, "malloc");
+                               strlcpy(br[i].opbr, cp, 3);
+                               if ((br[i].clbr = malloc(3)) == NULL)
+                                       err(1, "malloc");
+                               strlcpy(br[i].clbr, cp+3, 3);
                                addmac(br[i].opbr);     /* knows pairs are also known cmds */
                                addmac(br[i].clbr);
                                i++;
@@ -592,8 +596,8 @@
        dest = src+1;
        while (dest > loc)
                *dest-- = *src--;
-       *loc = malloc(3);
-       strcpy(*loc, mac);
+       if ((*loc = strdup(mac)) == NULL)
+               err(1, "strdup");
        ncmds++;
 #ifdef DEBUG
        printf("after: %s %s %s %s %s, %d cmds\n", knowncmds[slot-2],