changeset 2932:9882da59a45c onnv_51
6452250 Unsafe code in more(1) utility can lead to segmentation faults
author | as145665 |
---|---|
date | Mon, 16 Oct 2006 17:04:12 -0700 |
parents | 6348b43829d4 |
children | b83c1115488b |
files | usr/src/cmd/more/more.c |
diffstat | 1 files changed, 16 insertions(+), 13 deletions(-) [+] |
--- a/usr/src/cmd/more/more.c Mon Oct 16 17:00:43 2006 -0700
+++ b/usr/src/cmd/more/more.c Mon Oct 16 17:04:12 2006 -0700
@@ -2,9 +2,8 @@
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -956,7 +955,7 @@
 static int lastcmd, lastp;
 static off_t lastarg;
 static int lastcolon;
-char shell_line[132];
+char shell_line[PATH_MAX];
 /*
 ** Read a command and do it. A command consists of an optional integer
@@ -1671,11 +1670,11 @@
 static int
 expand(char *outbuf, char *inbuf)
 {
- register char *in_str;
- register char *out_str;
- register char ch;
- char temp[200];
- int changed = 0;
+ char *in_str;
+ char *out_str;
+ char ch;
+ char temp[PATH_MAX];
+ int changed = 0;
 in_str = inbuf;
 out_str = temp;
@@ -1683,7 +1682,9 @@
 switch (ch) {
 case '%':
 if (!no_intty) {
- strcpy (out_str, fnames[fnum]);
+ if (strlcpy(out_str, fnames[fnum], sizeof (temp))
+ >= sizeof (temp))
+ error(gettext("Command too long"));
 out_str += strlen (fnames[fnum]);
 changed++;
 }
@@ -1693,7 +1694,8 @@
 case '!':
 if (!shellp)
 error (gettext("No previous command to substitute for"));
- strcpy (out_str, shell_line);
+ if (strlcpy(out_str, shell_line, sizeof (temp)) >= sizeof (temp))
+ error(gettext("Command too long"));
 out_str += strlen (shell_line);
 changed++;
 break;
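Review bot: In the `%` and `!` cases of expand() (hunks @@ -1683 and @@ -1693), both strlcpy() calls pass `sizeof (temp)` as the limit even though `out_str` may already point past the start of `temp`, so the copy can still write beyond the end of the buffer whenever something was emitted before the substitution. The limit should be the space that remains, e.g. `size_t room = sizeof (temp) - (out_str - temp);` followed by `if (strlcpy(out_str, fnames[fnum], room) >= room)`, and likewise for `shell_line`. The single-character stores `*out_str++ = ch;` visible in the @@ -1706 context carry no bound either, so unless the caller limits `inbuf` to less than PATH_MAX, an input with no substitutions can overrun `temp` as well. The fix also appears to rely on error() not returning; if it can return, `out_str += strlen (...)` advances by the untruncated length. The loop header and the remainder of expand() lie between the hunks and are not shown here.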
@@ -1706,7 +1708,8 @@
 *out_str++ = ch;
 }
 *out_str++ = '\0';
- strcpy (outbuf, temp);
+ if (strlcpy(outbuf, temp, sizeof (shell_line)) >= sizeof (shell_line))
+ error(gettext("Command too long"));
 return (changed);
 }
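Review bot: The final strlcpy() bounds the copy by `sizeof (shell_line)` although the destination is the `outbuf` parameter, whose size expand() is never told. This is correct only while every caller passes `shell_line` or a buffer at least that large, and the callers are outside this hunk. I would state that contract above the function, `/* outbuf must hold at least sizeof (shell_line) bytes */`, or pass the destination size in explicitly. This check also runs only after `temp` has been filled, so it reports an over-long result but cannot prevent an overrun of `temp` itself.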