From owner-freebsd-audit Sat Oct 7 23:19:50 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 1816A37B66C for ; Sat, 7 Oct 2000 23:19:29 -0700 (PDT) Received: (from kris@localhost) by citusc17.usc.edu (8.9.3/8.9.3) id XAA18351 for audit@freebsd.org; Sat, 7 Oct 2000 23:20:05 -0700 (PDT) Date: Sat, 7 Oct 2000 23:20:05 -0700 From: Kris Kennaway To: audit@freebsd.org Subject: mrouted cleanup Message-ID: <20001007232005.A18332@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Please review.. Kris
Index: cfparse.y
===================================================================
RCS file: /usr2/ncvs/src/usr.sbin/mrouted/cfparse.y,v
retrieving revision 1.10
diff -u -r1.10 cfparse.y
--- cfparse.y 1999/08/28 01:17:03 1.10
+++ cfparse.y 2000/10/08 06:15:33
@@ -286,7 +286,7 @@
} boundlist[numbounds].name = malloc(strlen($2) + 1);
- strcpy(boundlist[numbounds].name, $2);
+ strlcpy(boundlist[numbounds].name, $2, sizeof(boundlist[numbounds].name));
boundlist[numbounds++].bound = $3; } | SYSNAM STRING {
@@ -658,7 +658,7 @@
fatal(char *fmt, ...) { va_list ap;
- char buf[200];
+ char buf[MAXHOSTNAMELEN + 100];
va_start(ap, fmt);
#else
@@ -669,11 +669,11 @@
va_dcl { va_list ap;
- char buf[200];
+ char buf[MAXHOSTNAMELEN + 100];
va_start(ap);
#endif
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap); log(LOG_ERR,0,"%s: %s near line %d", configfilename, buf, lineno);
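Review bot: The new `strlcpy` bound in the -286 hunk, `sizeof(boundlist[numbounds].name)`, is the size of a pointer rather than of the allocation, since `name` is assigned the result of `malloc` on the line above; the copy is therefore limited to `sizeof(char *) - 1` characters and longer boundary names are silently truncated. Pass the allocated length instead, e.g. `strlcpy(boundlist[numbounds].name, $2, strlen($2) + 1);`, or keep that length in a local used for both the `malloc` and the copy. The same pattern appears in the mtrace.c hunk at -1776 with `sizeof(names[i-1])`. Neither hunk checks the `malloc` result before copying into it.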
@@ -699,7 +699,7 @@
va_start(ap);
#endif
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap); log(LOG_WARNING,0,"%s: %s near line %d", configfilename, buf, lineno);
Index: main.c
===================================================================
RCS file: /usr2/ncvs/src/usr.sbin/mrouted/main.c,v
retrieving revision 1.17
diff -u -r1.17 main.c
--- main.c 2000/03/26 14:44:32 1.17
+++ main.c 2000/10/08 06:13:40
@@ -267,7 +267,7 @@
#ifdef SYSV
srand48(time(NULL));
#else
- srandom(gethostid());
+ srandomdev();
#endif /*
@@ -966,7 +966,7 @@
va_start(ap);
#endif
- vsprintf(&fmt[10], format, ap);
+ vsnprintf(&fmt[10], sizeof(fmt) - 10, format, ap);
va_end(ap); msg = (severity == LOG_WARNING) ? fmt : &fmt[10];
@@ -987,7 +987,7 @@
gettimeofday(&now,NULL); now_sec = now.tv_sec; thyme = localtime(&now_sec);
- sprintf(logmsg[logmsgno++], "%02d:%02d:%02d.%03ld %s err %d",
+ snprintf(logmsg[logmsgno++], LOGMSGSIZE, "%02d:%02d:%02d.%03ld %s err %d",
thyme->tm_hour, thyme->tm_min, thyme->tm_sec, now.tv_usec / 1000, msg, syserr); logmsgno %= NLOGMSGS;
Index: mtrace.c
===================================================================
RCS file: /usr2/ncvs/src/usr.sbin/mrouted/mtrace.c,v
retrieving revision 1.18
diff -u -r1.18 mtrace.c
--- mtrace.c 2000/03/26 14:44:34 1.18
+++ mtrace.c 2000/10/08 06:13:58
@@ -1263,7 +1263,7 @@
#ifdef SYSV
TR_SETQID(query->tr_rttlqid, ((u_int32)lrand48() >> 8));
#else
- TR_SETQID(query->tr_rttlqid, ((u_int32)random() >> 8));
+ TR_SETQID(query->tr_rttlqid, ((u_int32)arc4random() >> 8));
#endif /*
@@ -1776,7 +1776,7 @@
if (names[i-1]) free(names[i-1]); names[i-1]=malloc(strlen(name) + 1);
- strcpy(names[i-1], name);
+ strlcpy(names[i-1], name, sizeof(names[i-1]));
} }
@@ -2746,7 +2746,7 @@
#ifdef SYSV
srand48(seed);
#else
- srandom(seed);
+ srandomdev();
#endif /*
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
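Review bot: Only the non-SYSV branch of the main.c -267 hunk gets a stronger seed; the `#ifdef SYSV` path still calls `srand48(time(NULL))`, which is predictable from the daemon's start time. If SYSV builds are still supported, that branch needs a comparable entropy source, or at least a comment such as `/* SYSV: no srandomdev(); seed is time-based and predictable */`. The mtrace.c hunks at -1263 and -2746 leave their SYSV branches (`lrand48()`, `srand48(seed)`) unchanged in the same way.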
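Review bot: In the main.c -966 hunk the bound `sizeof(fmt) - 10` is only right if `fmt` is a char array declared in this function, and its declaration lies outside the hunk, so that needs confirming; if it were a pointer the size would be wrong in the same way as the `sizeof` on a malloc'd pointer in the cfparse.y -286 hunk. The prefix length 10 now appears three times in this hunk (`&fmt[10]` twice and the subtraction), and a named constant would keep the offset and the bound from drifting apart. Truncation is silent after this change, which is acceptable for a log line but worth a short comment, e.g. `/* message is truncated to fit fmt */`.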
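Review bot: In the mtrace.c -2746 hunk `seed` is no longer consumed on the non-SYSV path once `srandom(seed)` becomes `srandomdev()`, so whatever computes it above the hunk is presumably dead code there and may draw an unused-variable warning. Since the query id now comes from `arc4random()` in the -1263 hunk, it is also worth checking whether any `random()` call remains in this file; if none does, the seeding call on the non-SYSV path can be dropped. The enclosing function starts and ends outside the hunk, so both points need confirming against the full file.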