From owner-freebsd-current  Tue Nov 23 23:54: 1 1999
Delivered-To: freebsd-current@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7A8E515022; Tue, 23 Nov 1999 23:53:57 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA12044;
	Wed, 24 Nov 1999 00:51:49 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA18930; Wed, 24 Nov 1999 00:52:08 -0700 (MST)
Message-Id: <199911240752.AAA18930@harmony.village.org>
To: Kris Kennaway <kris@hub.freebsd.org>
Subject: Re: Overflow in banner(1) 
Cc: current@FreeBSD.ORG
In-reply-to: Your message of "Tue, 23 Nov 1999 21:15:35 PST."
		<Pine.BSF.4.21.9911232111470.75155-100000@hub.freebsd.org> 
References: <Pine.BSF.4.21.9911232111470.75155-100000@hub.freebsd.org>  
Date: Wed, 24 Nov 1999 00:52:08 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <Pine.BSF.4.21.9911232111470.75155-100000@hub.freebsd.org> Kris Kennaway writes:
: I'll commit this tomorrow (just wanted to get in a 'first post!' :-)..

Please don't.  Please use a proper fix instead.

:  	/* Have now read in the data. Next get the message to be printed. */
:  	if (*argv) {
: -		strcpy(message, *argv);
: +		strncpy(message, *argv, MAXMSG);
:  		while (*++argv) {
: -			strcat(message, " ");
: -			strcat(message, *argv);
: +			strlcat(message, " ", MAXMSG);
: +			strlcat(message, *argv, MAXMSG);

Can you precompute the length, malloc the buffer and go from there?
wouldn't that be better?

:  		}
:  		nchars = strlen(message);
:  	} else {
:  		fprintf(stderr,"Message: ");
: -		(void)fgets(message, sizeof(message), stdin);
: +		(void)fgets(message, MAXMSG, stdin);

This is bad style.  Don't make this change.

:  		nchars = strlen(message);
:  		message[nchars--] = '\0';	/* get rid of newline */
:  	}

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message