diff options
| author | Wes Peters <wes@FreeBSD.org> | 2002-06-17 04:33:45 +0000 |
|---|---|---|
| committer | Wes Peters <wes@FreeBSD.org> | 2002-06-17 04:33:45 +0000 |
| commit | c99d9a4052d05f308a71deab49761a8a15e09a69 (patch) | |
| tree | 0863d94f06a71e6dafe2e1216c8997be465e6342 /net/sharity-light | |
| parent | Connect linux-edonkey-gui-gtk with build after repo copy from (diff) | |
Don't allow environment variables to overflow their buffers.
Reviewed by: nectar@
Notes
Notes:
svn path=/head/; revision=61406
Diffstat (limited to 'net/sharity-light')
| -rw-r--r-- | net/sharity-light/files/patch-getenv | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/net/sharity-light/files/patch-getenv b/net/sharity-light/files/patch-getenv new file mode 100644 index 000000000000..c128a97bbb8c --- /dev/null +++ b/net/sharity-light/files/patch-getenv @@ -0,0 +1,74 @@ +--- rumba.c.orig Tue Jun 11 11:27:59 2002 ++++ rumba.c Tue Jun 11 13:32:39 2002 +@@ -24,6 +24,8 @@ + + /* ------------------------------------------------------------------------- */ + ++#define NAMESIZE 64 ++ + int debug_mode = 0; + char fake_dot_in_root = 1; + char fake_dotdot_in_root = 1; +@@ -260,7 +262,7 @@ + int got_password, upcase_password; + int port = -1, max_xmit = -1; + char server_name[17], client_name[17]; +-char username[64], password[64], run_as_daemon; ++char username[NAMESIZE], password[NAMESIZE], run_as_daemon; + char *mount_point, *server, *share, *root, *user_dummy, *p; + static fh_t root_fh[32/sizeof(fh_t)] = {0}; + unsigned ipAddr; +@@ -320,12 +322,17 @@ + strcpy(server_name, hostName); + } + } ++ + if(getenv("USER")){ +- strcpy(username, getenv("USER")); ++ if (strlcpy(username, getenv("USER"), NAMESIZE) >= NAMESIZE) ++ eprintf("$USER too long, truncated to \"%s\"\n", ++ username); + str_upper(username); + } +- if(username[0] == 0 && getenv("LOGNAME")){ +- strcpy(username,getenv("LOGNAME")); ++ else if(getenv("LOGNAME")){ ++ if (strlcpy(username, getenv("LOGNAME"), NAMESIZE) >= NAMESIZE); ++ eprintf("$LOGNAME too long, truncated to \"%s\"\n", ++ username); + str_upper(username); + } + +@@ -415,7 +422,7 @@ + got_password = 1; + break; + case 'i': +- if(fgets(password, sizeof(password), stdin) != NULL){ ++ if(fgets(password, NAMESIZE, stdin) != NULL){ + if((p = strrchr(password, '\n')) != NULL) + *p = 0; + got_password = 1; +@@ -462,13 +469,18 @@ + conf_dirmode = conf_filemode; + conf_dirmode |= (conf_dirmode & 0444) >> 2; + } ++ + if(!got_password){ +- char *pw; +- if((pw = getenv("PASSWD"))) +- strcpy(password, pw); +- else +- strcpy(password, getpass("Password: ")); ++ char *pw, *src = "$PASSWD"; ++ if ((pw = getenv("PASSWD")) == NULL) { ++ src = "User entered password"; ++ pw = getpass("Password: "); ++ } ++ if (strlcpy(password, pw, NAMESIZE) >= NAMESIZE) ++ eprintf("%s too long, truncated to \"%s\"\n", ++ src, password); + } ++ + if(upcase_password){ + str_upper(password); + } |