Date: Wed, 24 Nov 1999 00:52:08 -0700 From: Warner Losh <imp@village.org> To: Kris Kennaway <kris@hub.freebsd.org> Cc: current@FreeBSD.ORG Subject: Re: Overflow in banner(1) Message-ID: <199911240752.AAA18930@harmony.village.org> In-Reply-To: Your message of "Tue, 23 Nov 1999 21:15:35 PST." <Pine.BSF.4.21.9911232111470.75155-100000@hub.freebsd.org> References: <Pine.BSF.4.21.9911232111470.75155-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.4.21.9911232111470.75155-100000@hub.freebsd.org> Kris Kennaway writes:
: I'll commit this tomorrow (just wanted to get in a 'first post!' :-)..
Please don't. Please use a proper fix instead.
: /* Have now read in the data. Next get the message to be printed. */
: if (*argv) {
: - strcpy(message, *argv);
: + strncpy(message, *argv, MAXMSG);
: while (*++argv) {
: - strcat(message, " ");
: - strcat(message, *argv);
: + strlcat(message, " ", MAXMSG);
: + strlcat(message, *argv, MAXMSG);
Can you precompute the length, malloc the buffer and go from there?
wouldn't that be better?
: }
: nchars = strlen(message);
: } else {
: fprintf(stderr,"Message: ");
: - (void)fgets(message, sizeof(message), stdin);
: + (void)fgets(message, MAXMSG, stdin);
This is bad style. Don't make this change.
: nchars = strlen(message);
: message[nchars--] = '\0'; /* get rid of newline */
: }
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911240752.AAA18930>