buf oflows; wosch & me

2 files changed, 18 insertions, 3 deletions

diff --git a/gnu/usr.bin/gzip/gzip.c b/gnu/usr.bin/gzip/gzip.c
index fc2e4a77ae4..213eae6dc55 100644
--- a/gnu/usr.bin/gzip/gzip.c
+++ b/gnu/usr.bin/gzip/gzip.c
@@ -45,7 +45,7 @@ static char  *license_msg[] = {
  */
 
 #ifdef RCSID
-static char rcsid[] = "$Id: gzip.c,v 1.2 1997/03/25 21:09:47 deraadt Exp $";
+static char rcsid[] = "$Id: gzip.c,v 1.3 1998/01/02 04:22:45 deraadt Exp $";
 #endif
 
 #include <ctype.h>
@@ -521,7 +521,13 @@ int main (argc, argv)
             if (*optarg == '.') optarg++;
 #endif
             z_len = strlen(optarg);
-            strcpy(z_suffix, optarg);
+	    if (z_len > z_suffix-1) {
+		fprintf(stderr, "%s: -S suffix too long\n", progname);
+		usage();
+		do_exit(ERROR);
+	    }
+            strncpy(z_suffix, optarg, sizeof z_suffix-1);
+	    z_suffix[sizeof z_suffix-1] = '\0';
             break;
 	case 't':
 	    test = decompress = to_stdout = 1;
@@ -1006,6 +1012,13 @@ local int get_istat(iname, sbuf)
     char *dot; /* pointer to ifname extension, or NULL */
 #endif
 
+    if (strlen(iname) >= sizeof(ifname) - 3) {
+	errno = ENAMETOOLONG;
+	perror(iname);
+	exit_code = ERROR;
+	return ERROR;
+    }
+
     strcpy(ifname, iname);
 
     /* If input file exists, return OK. */
diff --git a/gnu/usr.bin/gzip/inflate.c b/gnu/usr.bin/gzip/inflate.c
index 6669bda0004..1e813d4d6de 100644
--- a/gnu/usr.bin/gzip/inflate.c
+++ b/gnu/usr.bin/gzip/inflate.c
@@ -97,7 +97,7 @@
  */
 
 #ifdef RCSID
-static char rcsid[] = "$Id: inflate.c,v 1.1.1.1 1995/10/18 08:40:53 deraadt Exp $";
+static char rcsid[] = "$Id: inflate.c,v 1.2 1998/01/02 04:22:46 deraadt Exp $";
 #endif
 
 #include <sys/types.h>
@@ -767,6 +767,8 @@ int inflate_dynamic()
     return i;                   /* incomplete code set */
   }
 
+  if (tl == NULL)
+    return 2;
 
   /* read in literal and distance code lengths */
   n = nl + nd;