aboutsummaryrefslogtreecommitdiff
path: root/usr.bin/wall
diff options
context:
space:
mode:
authorPedro F. Giffuni <pfg@FreeBSD.org>2015-08-01 01:29:55 +0000
committerPedro F. Giffuni <pfg@FreeBSD.org>2015-08-01 01:29:55 +0000
commitfc9ce3812df40730cbf17cfcd4ce64bf9387fadb (patch)
treef5569be561692fa0b1745ceb8cd25e7781e343db /usr.bin/wall
parentafd010c196fa7803a607e53c8b2336f73f3d0894 (diff)
downloadsrc-fc9ce3812df40730cbf17cfcd4ce64bf9387fadb.tar.gz
src-fc9ce3812df40730cbf17cfcd4ce64bf9387fadb.zip
Buffer overflow in wall(1).
Revert r286102 and apply a cleaner fix. Tested for overflows by FORTIFY_SOURCE GSoC (with clang). Suggested by: bde Reviewed by: Oliver Pinter Tested by: Oliver Pinter MFC after: 3 days
Notes
Notes: svn path=/head/; revision=286144
Diffstat (limited to 'usr.bin/wall')
-rw-r--r--usr.bin/wall/ttymsg.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/wall/ttymsg.c b/usr.bin/wall/ttymsg.c
index 1317a4b0cb60..afa3d266ad3a 100644
--- a/usr.bin/wall/ttymsg.c
+++ b/usr.bin/wall/ttymsg.c
@@ -62,7 +62,7 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout)
struct iovec localiov[7];
ssize_t left, wret;
int cnt, fd;
- char device[MAXNAMLEN] = _PATH_DEV;
+ char device[MAXNAMLEN];
static char errbuf[1024];
char *p;
int forked;
@@ -71,8 +71,9 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout)
if (iovcnt > (int)(sizeof(localiov) / sizeof(localiov[0])))
return ("too many iov's (change code in wall/ttymsg.c)");
- strlcat(device, line, sizeof(device));
+ strlcpy(device, _PATH_DEV, sizeof(device));
p = device + sizeof(_PATH_DEV) - 1;
+ strlcpy(p, line, sizeof(device) - sizeof(_PATH_DEV));
if (strncmp(p, "pts/", 4) == 0)
p += 4;
if (strchr(p, '/') != NULL) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 14:27:54 +0000