diff options
| author |   deraadt <deraadt@openbsd.org> | 1996-06-19 10:03:43 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 1996-06-19 10:03:43 +0000 |
| commit | ab3e11b2738bccaf54aa48dc091f9f7eabd84cf7 (patch) | |
| tree | 34fef91a5a26ad3ba5919c106da6e102fe46d2cb | |
| parent | our kernel is bsd, not netbsd. (diff) | |
| download | wireguard-openbsd-ab3e11b2738bccaf54aa48dc091f9f7eabd84cf7.tar.xz wireguard-openbsd-ab3e11b2738bccaf54aa48dc091f9f7eabd84cf7.zip | |
do not overflow term buffer, noted initially by darren reed. my own fix
| -rw-r--r-- | usr.bin/rlogin/rlogin.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c index c1bb31ee08e..5f05baff7af 100644 --- a/usr.bin/rlogin/rlogin.c +++ b/usr.bin/rlogin/rlogin.c @@ -256,10 +256,20 @@ main(argc, argv) exit(1); } - (void)strcpy(term, (p = getenv("TERM")) ? p : "network"); + (void)strncpy(term, (p = getenv("TERM")) ? p : "network", + sizeof(term) - 1); + term[sizeof(term) - 1] = '\0'; + + /* + * Add "/baud" only if there is room left; ie. do not send "/19" + * for 19200 baud with a particularily long $TERM + */ if (tcgetattr(0, &tty) == 0) { - (void)strcat(term, "/"); - (void)sprintf(term + strlen(term), "%d", cfgetospeed(&tty)); + char baud[20]; /* more than enough.. */ + + (void)sprintf(baud, "/%d", cfgetospeed(&tty)); + if (strlen(term) + strlen(baud) < sizeof(term) - 1) + (void)strcat(term, baud); } (void)get_window_size(0, &winsize); |