diff options
| author |   deraadt <deraadt@openbsd.org> | 2000-12-22 22:53:10 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2000-12-22 22:53:10 +0000 |
| commit | 8fccd543b6c4c877361273a1e7d8bf45444d713c (patch) | |
| tree | 7f82f7d774eb0a06309f641cbb7486f4cedd7216 | |
| parent | strlcpy is great (diff) | |
| download | wireguard-openbsd-8fccd543b6c4c877361273a1e7d8bf45444d713c.tar.xz wireguard-openbsd-8fccd543b6c4c877361273a1e7d8bf45444d713c.zip | |
repair same static buf oflow in printf(1) and printf(1) internal inside csh(1)
| -rw-r--r-- | bin/csh/printf.c | 20 | ||||
| -rw-r--r-- | usr.bin/printf/printf.c | 34 |
2 files changed, 46 insertions, 8 deletions
diff --git a/bin/csh/printf.c b/bin/csh/printf.c index 5c46dd5b591..d680ff19287 100644 --- a/bin/csh/printf.c +++ b/bin/csh/printf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printf.c,v 1.9 2000/01/22 20:24:47 deraadt Exp $ */ +/* $OpenBSD: printf.c,v 1.10 2000/12/22 22:53:10 deraadt Exp $ */ /* $NetBSD: printf.c,v 1.6 1995/03/21 09:03:15 cgd Exp $ */ /* @@ -46,7 +46,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)printf.c 8.1 (Berkeley) 7/20/93"; #else -static char rcsid[] = "$OpenBSD: printf.c,v 1.9 2000/01/22 20:24:47 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: printf.c,v 1.10 2000/12/22 22:53:10 deraadt Exp $"; #endif #endif /* not lint */ @@ -227,10 +227,24 @@ mklong(str, ch) char *str; int ch; { - static char copy[64]; + static char *copy; + static int copysize; int len; len = strlen(str) + 2; + if (copysize < len) { + char *newcopy; + copysize = len + 256; + + newcopy = realloc(copy, copysize); + if (newcopy == NULL) { + copysize = 0; + free(copy); + copy = NULL; + return (NULL); + } + copy = newcopy; + } memmove(copy, str, len - 3); copy[len - 3] = 'l'; copy[len - 2] = ch; diff --git a/usr.bin/printf/printf.c b/usr.bin/printf/printf.c index 006ceba0518..50351b8e125 100644 --- a/usr.bin/printf/printf.c +++ b/usr.bin/printf/printf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printf.c,v 1.3 1997/01/17 07:13:06 millert Exp $ */ +/* $OpenBSD: printf.c,v 1.4 2000/12/22 22:53:10 deraadt Exp $ */ /* * Copyright (c) 1989 The Regents of the University of California. @@ -43,7 +43,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)printf.c 5.9 (Berkeley) 6/1/90";*/ -static char rcsid[] = "$OpenBSD: printf.c,v 1.3 1997/01/17 07:13:06 millert Exp $"; +static char rcsid[] = "$OpenBSD: printf.c,v 1.4 2000/12/22 22:53:10 deraadt Exp $"; #endif /* not lint */ #include <ctype.h> @@ -221,8 +221,13 @@ main(argc, argv) } case 'd': case 'i': { + long p; char *f = mklong(start, convch); - long p = getlong(); + if (!f) { + warnx("out of memory"); + return (1); + } + p = getlong(); PF(f, p); break; } @@ -230,8 +235,13 @@ main(argc, argv) case 'u': case 'x': case 'X': { + unsigned long p; char *f = mklong(start, convch); - unsigned long p = getulong(); + if (!f) { + warnx("out of memory"); + return (1); + } + p = getulong(); PF(f, p); break; } @@ -412,10 +422,24 @@ mklong(str, ch) const char *str; char ch; { - static char copy[64]; + static char *copy; + static int copysize; int len; len = strlen(str) + 2; + if (copysize < len) { + char *newcopy; + copysize = len + 256; + + newcopy = realloc(copy, copysize); + if (newcopy == NULL) { + copysize = 0; + free(copy); + copy = NULL; + return (NULL); + } + copy = newcopy; + } (void) memmove(copy, str, len - 3); copy[len - 3] = 'l'; copy[len - 2] = ch; |