summaryrefslogtreecommitdiff
path: root/sysutils
diff options
context:
space:
mode:
authorBrian Feldman <green@FreeBSD.org>2000-08-21 23:12:28 +0000
committerBrian Feldman <green@FreeBSD.org>2000-08-21 23:12:28 +0000
commit0de16cac260212b6f9828f660f305d2e6dd36a85 (patch)
treefc7e851c23c5deb1a731995d270705ac27db3434 /sysutils
parentMakefile simplification and removed references to a removed patch. (diff)
Fix several (of course, root-exploitable) buffer overflows.
Diffstat (limited to 'sysutils')
-rw-r--r--sysutils/eject/files/patch-aa86
1 files changed, 86 insertions, 0 deletions
diff --git a/sysutils/eject/files/patch-aa b/sysutils/eject/files/patch-aa
new file mode 100644
index 000000000000..aa38c14c55f1
--- /dev/null
+++ b/sysutils/eject/files/patch-aa
@@ -0,0 +1,86 @@
+--- eject.c.orig Mon Aug 21 18:49:55 2000
++++ eject.c Mon Aug 21 19:00:45 2000
+@@ -43,8 +43,8 @@
+ extern int optind;
+
+ void usage(void);
+-int check_device(char *, char *);
+-int unmount_fs(char *, char *);
++int check_device(char *, char **);
++int unmount_fs(char *, char **);
+ int eject(char *, char *);
+
+ char *program = "eject";
+@@ -65,8 +65,8 @@
+ {
+ int ch;
+ int sts;
+- char device[256], name[256];
+- char err[256];
++ char *device, *name;
++ char *err;
+ char *defdev;
+
+ fflag = nflag = vflag = 0;
+@@ -95,18 +95,18 @@
+ if (argc == 0) {
+ usage();
+ }
+- strcpy(name, *argv);
++ name = strdup(*argv);
+ } else {
+- strcpy(name, defdev);
++ name = strdup(defdev);
+ }
+
+- sts = check_device(name, device);
++ sts = check_device(name, &device);
+ if (sts < 0) {
+ perror(program);
+ exit(1);
+ }
+
+- sts = unmount_fs(name, err);
++ sts = unmount_fs(name, &err);
+ if (sts < 0) {
+ perror(err);
+ exit(1);
+@@ -128,16 +128,17 @@
+ int
+ check_device(name, device)
+ char *name;
+- char *device;
++ char **device;
+ {
+ int sts;
+ struct stat sb;
+
+- sprintf(device, "/dev/r%sc", name);
++ if (asprintf(device, "/dev/%sc", name) == -1)
++ return sts;
+ if (vflag || nflag) {
+ printf("%s: using device %s\n", program, device);
+ }
+- sts = stat(device, &sb);
++ sts = stat(*device, &sb);
+
+ return sts;
+ }
+@@ -155,7 +156,7 @@
+ int
+ unmount_fs(name, err)
+ char *name;
+- char *err;
++ char **err;
+ {
+ int mnts;
+ struct statfs *mntbuf;
+@@ -221,7 +222,7 @@
+ sts = 0;
+ }
+ if (sts < 0 && fflag == 0) {
+- sprintf(err, "%s: %s", program, mp->mntonname);
++ asprintf(err, "%s: %s", program, mp->mntonname);
+ return sts;
+ }
+ nextp = mp->next;