diff options
author | Pedro F. Giffuni <pfg@FreeBSD.org> | 2015-08-01 01:29:55 +0000 |
---|---|---|
committer | Pedro F. Giffuni <pfg@FreeBSD.org> | 2015-08-01 01:29:55 +0000 |
commit | fc9ce3812df40730cbf17cfcd4ce64bf9387fadb (patch) | |
tree | f5569be561692fa0b1745ceb8cd25e7781e343db /usr.bin/wall | |
parent | afd010c196fa7803a607e53c8b2336f73f3d0894 (diff) | |
download | src-fc9ce3812df40730cbf17cfcd4ce64bf9387fadb.tar.gz src-fc9ce3812df40730cbf17cfcd4ce64bf9387fadb.zip |
Buffer overflow in wall(1).
Revert r286102 and apply a cleaner fix.
Tested for overflows by FORTIFY_SOURCE GSoC (with clang).
Suggested by: bde
Reviewed by: Oliver Pinter
Tested by: Oliver Pinter
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=286144
Diffstat (limited to 'usr.bin/wall')
-rw-r--r-- | usr.bin/wall/ttymsg.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/wall/ttymsg.c b/usr.bin/wall/ttymsg.c index 1317a4b0cb60..afa3d266ad3a 100644 --- a/usr.bin/wall/ttymsg.c +++ b/usr.bin/wall/ttymsg.c @@ -62,7 +62,7 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout) struct iovec localiov[7]; ssize_t left, wret; int cnt, fd; - char device[MAXNAMLEN] = _PATH_DEV; + char device[MAXNAMLEN]; static char errbuf[1024]; char *p; int forked; @@ -71,8 +71,9 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout) if (iovcnt > (int)(sizeof(localiov) / sizeof(localiov[0]))) return ("too many iov's (change code in wall/ttymsg.c)"); - strlcat(device, line, sizeof(device)); + strlcpy(device, _PATH_DEV, sizeof(device)); p = device + sizeof(_PATH_DEV) - 1; + strlcpy(p, line, sizeof(device) - sizeof(_PATH_DEV)); if (strncmp(p, "pts/", 4) == 0) p += 4; if (strchr(p, '/') != NULL) { |