Date: Sun, 15 Dec 1996 12:30:12 +0200 (SAT) From: Johann Tonsing <jtonsing@zibbi.mikom.csir.co.za> To: freebsd-security@freebsd.org Cc: jhay@zibbi.mikom.csir.co.za (John Hay), roelof@cube.nanoteq.co.za (Roelof Temmingh) Subject: crontab buffer overflow - corrected patch Message-ID: <199612151030.MAA09448@zibbi.mikom.csir.co.za>
next in thread | raw e-mail | index | archive | help
Hi again! I've just been informed that one should use diff -c oldfile newfile or diff -u oldfile newfile when submitting patches. Here's the same patch again in that format. JT -- jtonsing@mikom.csir.co.za, Voice: +27 82 569-2323, Fax/Ans: +27 12 43-5643, S-mail: 173 Duxbury Rd, Hatfield, 0083 Pretoria, South Africa. PGP public key: ftp://skeleton.mikom.csir.co.za/pub/netsec.pgp/jtonsing.pub Send anonymous mail to jt-anon@zibbi.mikom.csir.co.za (no reply possible) *************************************************************************** --- ../old/crontab.c Thu May 2 14:57:40 1996 +++ crontab.c Sun Dec 15 12:00:41 1996 @@ -144,7 +144,8 @@ fprintf(stderr, "bailing out.\n"); exit(ERROR_EXIT); } - strcpy(User, pw->pw_name); + strncpy(User, pw->pw_name, sizeof(User)-1); + User[sizeof(User)-1] = '\0'; strcpy(RealUser, User); Filename[0] = '\0'; Option = opt_unknown; @@ -167,7 +168,8 @@ ProgramName, optarg); exit(ERROR_EXIT); } - (void) strcpy(User, optarg); + strncpy(User, optarg, sizeof(User)-1); + User[sizeof(User)-1] = '\0'; break; case 'l': if (Option != opt_unknown) @@ -198,7 +200,8 @@ } else { if (argv[optind] != NULL) { Option = opt_replace; - (void) strcpy (Filename, argv[optind]); + strncpy (Filename, argv[optind], sizeof(Filename)-1); + Filename[sizeof(Filename)-1] = '\0'; } else { usage("file name must be specified for replace"); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612151030.MAA09448>