diff options
| author |   millert <millert@openbsd.org> | 1996-10-28 00:50:13 +0000 |
|---|---|---|
| committer | millert <millert@openbsd.org> | 1996-10-28 00:50:13 +0000 |
| commit | 357c304906f43aee00dd564b8df79f70a5c25c4e (patch) | |
| tree | 8157629e7d39b34eaf75068ef5e6c7b5e663f241 | |
| parent | Use snprintf(). Solves $HOME overflow and others. (diff) | |
| download | wireguard-openbsd-357c304906f43aee00dd564b8df79f70a5c25c4e.tar.xz wireguard-openbsd-357c304906f43aee00dd564b8df79f70a5c25c4e.zip | |
Safe $HOME handling.
| -rw-r--r-- | usr.bin/nohup/nohup.c | 7 | ||||
| -rw-r--r-- | usr.bin/telnet/commands.c | 6 |
2 files changed, 7 insertions, 6 deletions
diff --git a/usr.bin/nohup/nohup.c b/usr.bin/nohup/nohup.c index 73f5ed29453..369b64ce530 100644 --- a/usr.bin/nohup/nohup.c +++ b/usr.bin/nohup/nohup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nohup.c,v 1.2 1996/06/26 05:37:36 deraadt Exp $ */ +/* $OpenBSD: nohup.c,v 1.3 1996/10/28 00:50:13 millert Exp $ */ /* $NetBSD: nohup.c,v 1.6 1995/08/31 23:35:25 jtc Exp $ */ /* @@ -44,7 +44,7 @@ char copyright[] = #if 0 static char sccsid[] = "@(#)nohup.c 5.4 (Berkeley) 6/1/90"; #endif -static char rcsid[] = "$OpenBSD: nohup.c,v 1.2 1996/06/26 05:37:36 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: nohup.c,v 1.3 1996/10/28 00:50:13 millert Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -116,7 +116,8 @@ dofile() p = FILENAME; if ((fd = open(p, O_RDWR|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR)) >= 0) goto dupit; - if ((p = getenv("HOME")) != NULL) { + if ((p = getenv("HOME")) != NULL && + (strlen(p) + strlen(FILENAME) + 1) < sizeof(path)) { (void)strcpy(path, p); (void)strcat(path, "/"); (void)strcat(path, FILENAME); diff --git a/usr.bin/telnet/commands.c b/usr.bin/telnet/commands.c index c04b2f82b29..eed1a0ce835 100644 --- a/usr.bin/telnet/commands.c +++ b/usr.bin/telnet/commands.c @@ -1,4 +1,4 @@ -/* $OpenBSD: commands.c,v 1.6 1996/09/05 09:10:02 deraadt Exp $ */ +/* $OpenBSD: commands.c,v 1.7 1996/10/28 00:54:10 millert Exp $ */ /* $NetBSD: commands.c,v 1.14 1996/03/24 22:03:48 jtk Exp $ */ /* @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)commands.c 8.4 (Berkeley) 5/30/95"; static char rcsid[] = "$NetBSD: commands.c,v 1.14 1996/03/24 22:03:48 jtk Exp $"; #else -static char rcsid[] = "$OpenBSD: commands.c,v 1.6 1996/09/05 09:10:02 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: commands.c,v 1.7 1996/10/28 00:54:10 millert Exp $"; #endif #endif /* not lint */ @@ -2636,7 +2636,7 @@ cmdrc(m1, m2) if (rcname == 0) { rcname = getenv("HOME"); - if (rcname) + if (rcname && (strlen(rcname) + 10) < sizeof(rcbuf)) strcpy(rcbuf, rcname); else rcbuf[0] = '\0'; |