From 009a8bb4a440ba52d6a7ab3de825e5000fd14369 Mon Sep 17 00:00:00 2001 From: Boris Popov Date: Mon, 27 Sep 1999 08:35:51 +0000 Subject: Buffer overflow fixes for version 0.99pl17. Original patches for pl15 was submitted by Przemyslaw Frasunek to securityfocus.com. --- net/mars_nwe/Makefile | 1 + net/mars_nwe/files/patch-aa | 848 ++++++++++++++++++++++++++++++++++++++++++++ net/mars_nwe/pkg-plist | 1 + 3 files changed, 850 insertions(+) (limited to 'net') diff --git a/net/mars_nwe/Makefile b/net/mars_nwe/Makefile index 1614f5700f0f..3398bc7d2820 100644 --- a/net/mars_nwe/Makefile +++ b/net/mars_nwe/Makefile @@ -23,6 +23,7 @@ do-build: do-install: @(cd ${WRKSRC} && ./mk.li install) + @${INSTALL_DATA} ${WRKSRC}/examples/nw.ini ${PREFIX}/etc/nwserv.conf.example @${ECHO} "You'll need to create a startup file to load MARS_NWE Server when booting." @${ECHO} "Create a nwserv.sh in ${PREFIX}/etc/rc.d directory and modify" @${ECHO} "${PREFIX}/etc/nwserv.conf manually before you loading server." diff --git a/net/mars_nwe/files/patch-aa b/net/mars_nwe/files/patch-aa index dfa341892806..a3de13578157 100644 --- a/net/mars_nwe/files/patch-aa +++ b/net/mars_nwe/files/patch-aa 
@@ -1,3 +1,851 @@ +Index: connect.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/connect.c,v +retrieving revision 1.1.1.4 +retrieving revision 1.5 +diff -u -r1.1.1.4 -r1.5 +--- connect.c 1999/06/04 09:37:54 1.1.1.4 ++++ connect.c 1999/09/27 07:51:48 1.5 +@@ -115,13 +115,13 @@ + strcpy(unixname, "Z/Z/Z/Z"); /* */ + return(unixname); + } +- strcpy(unixname, (char*)nw_volumes[volume].unixname); /* first UNIXNAME VOLUME */ ++ strncpy(unixname, (char*)nw_volumes[volume].unixname, sizeof(unixname)-1); /* first UNIXNAME VOLUME */ + + p = pp = unixname+strlen(unixname); +- strcpy(p, (char*)nwpath->path); /* now the path */ ++ strncpy(p, (char*)nwpath->path, (sizeof(unixname)-strlen(unixname)-1)); /* now the path */ + p += strlen((char*)nwpath->path); + if ( (!(modus & 1)) && nwpath->fn[0]) +- strcpy(p, (char*)nwpath->fn); /* and now fn */ ++ strncpy(p, (char*)nwpath->fn, (sizeof(unixname)-strlen(unixname)-1)); /* and now fn */ + else if ((modus & 2) && (*(p-1) == '/')) { + if (p > unixname+1) *(--p) = '\0'; + else { +@@ -178,7 +178,7 @@ + + /* init dir_handle */ + dh=&(dir_handles[rethandle-1]); +- strcpy(dh->unixname, build_unix_name(nwpath, 0)); ++ strncpy(dh->unixname, build_unix_name(nwpath, 0), sizeof(dh->unixname)-1); + dh->kpath = dh->unixname + strlen(dh->unixname); + if (dh->f) { + closedir(dh->f); +@@ -394,8 +394,8 @@ + char volname[100]; + if (p->volume < 0 || p->volume >= used_nw_volumes) { + sprintf(volname, "<%d=NOT-OK>", (int)p->volume); +- } else strcpy(volname, (char*)nw_volumes[p->volume].sysname); +- sprintf(nwpathname, "%s:%s%s", volname, p->path, p->fn); ++ } else strncpy(volname, (char*)nw_volumes[p->volume].sysname, sizeof(volname)-1); ++ snprintf(nwpathname, sizeof(nwpathname), "%s:%s%s", volname, p->path, p->fn); + return(nwpathname); + } + +@@ -522,10 +522,10 @@ + fs->attrib = attrib; + if (volume < 0 || volume >= used_nw_volumes) return(-1); /* something wrong */ + else soptions = 
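Review bot: In the connect.c hunk at -115, `strncpy` with a bound of `sizeof(unixname)-1` writes no terminator when the source fills the bound, and nothing in the hunk sets the last byte, so the `strlen(unixname)` on the next changed line can run past the copied data. In addition, `p += strlen((char*)nwpath->path)` advances by the source length rather than by what was copied, so after a truncated copy `p` can point beyond `unixname` before the `fn` copy. Terminate after each copy (`unixname[sizeof(unixname)-1] = '\0';`) and advance with `p += strlen(p);`, or build the whole name with one `snprintf` and check its return value. The same missing terminator affects nearly every `strncpy(dst, src, sizeof(dst)-1)` into a local array in this patch (for example `unname`, `qfn`, `zpath`, `unziel`, `searchpath`, `dirname`). The function starts and ends outside the hunk, and whether `unixname` is an array here is not visible.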
nw_volumes[volume].options; +- strcpy((char*)entry, (char*)nwpath->fn); ++ strncpy((char*)entry, (char*)nwpath->fn, sizeof(entry)-1); + + nwpath->fn[0] = '\0'; +- strcpy(xkpath, build_unix_name(nwpath, 1|2)); ++ strncpy(xkpath, build_unix_name(nwpath, 1|2), sizeof(xkpath)-1); + + XDPRINTF((5,0,"func_search_entry attrib=0x%x path:%s:, xkpath:%s:, entry:%s:", + attrib, nwpath->path, xkpath, entry)); +@@ -554,12 +554,12 @@ + || fn_dos_match(dname, entry, soptions))); + if (okflag) { + *kpath = '\0'; +- strcpy(kpath, (char*)name); ++ strncpy(kpath, (char*)name, sizeof((xkpath)-strlen(xkpath)-1)); + if (!s_stat(xkpath, &(fs->statb), NULL)) { + okflag = ( ( ( (fs->statb.st_mode & S_IFMT) == S_IFDIR) && (attrib & 0x10)) + || ( ( (fs->statb.st_mode & S_IFMT) != S_IFDIR) && !(attrib & 0x10))); + if (okflag){ +- strcpy((char*)nwpath->fn, (char*)dname); ++ strncpy((char*)nwpath->fn, (char*)dname, sizeof(nwpath->fn)); + XDPRINTF((5,0,"FOUND=:%s: attrib=0x%x", nwpath->fn, fs->statb.st_mode)); + result = (*fs_func)(nwpath, fs); + if (result < 0) break; +@@ -592,9 +592,9 @@ + int akt_sequence=0; + if (volume < 0 || volume >= used_nw_volumes) return(-0x98); /* something wrong */ + else soptions = nw_volumes[volume].options; +- strcpy((char*)entry, (char*)nwpath->fn); ++ strncpy((char*)entry, (char*)nwpath->fn, sizeof(entry)-1); + nwpath->fn[0] = '\0'; +- strcpy(xkpath, build_unix_name(nwpath, 1|2)); ++ strncpy(xkpath, build_unix_name(nwpath, 1|2), sizeof(xkpath)-1); + XDPRINTF((5,0,"get_dir_entry attrib=0x%x path:%s:, xkpath:%s:, entry:%s:", + attrib, nwpath->path, xkpath, entry)); + +@@ -632,7 +632,7 @@ + || fn_dos_match(dname, entry, soptions)))) ? 
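Review bot: In the connect.c hunk at -554 the closing parenthesis of `sizeof` is misplaced in `strncpy(kpath, (char*)name, sizeof((xkpath)-strlen(xkpath)-1));`, so the bound is the size of a pointer expression (4 or 8 bytes) and every entry name is cut to that length, unterminated, before `s_stat(xkpath, ...)` runs. The sibling hunk at -632 has the intended form; use `strncpy(kpath, (char*)name, sizeof(xkpath)-strlen(xkpath)-1);` followed by `xkpath[sizeof(xkpath)-1] = '\0';`. In the same hunk `sizeof(nwpath->fn)` is used without the `-1` that the -641 hunk applies to the same destination, which leaves no room for the terminator. The enclosing function lies outside the hunk, so `xkpath` is assumed to be an array, as the `sizeof` usage implies.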
0 : -0xff; + if (!okflag) { + *kpath = '\0'; +- strcpy(kpath, (char*)name); ++ strncpy(kpath, (char*)name, sizeof(xkpath)-strlen(xkpath)-1); + if (!s_stat(xkpath, statb, NULL)) { + okflag = (( ( ( (statb->st_mode & S_IFMT) == S_IFDIR) && (attrib & 0x10)) + || ( ( (statb->st_mode & S_IFMT) != S_IFDIR) && !(attrib & 0x10)))) +@@ -641,7 +641,7 @@ + if (soptions & VOL_OPTION_IS_PIPE) { + statb->st_size = 0x70000000|(statb->st_mtime&0xfffffff); + } +- strcpy((char*)nwpath->fn, (char*)dname); ++ strncpy((char*)nwpath->fn, (char*)dname, sizeof(nwpath->fn)-1); + XDPRINTF((5,0,"FOUND=:%s: attrib=0x%x", nwpath->fn, statb->st_mode)); + break; /* ready */ + } +@@ -682,7 +682,8 @@ + int *sequence, + int attrib, + char *unixname, +- struct stat *statb) ++ struct stat *statb, ++ int len) + + /* returns 1 if OK and 0 if not OK */ + { +@@ -728,7 +729,7 @@ + || fn_dos_match(dname, entry, dh->vol_options))); + + if (okflag) { +- strcpy(dh->kpath, (char*)name); ++ strncpy(dh->kpath, (char*)name, sizeof(dh->unixname)-1); + XDPRINTF((5,0,"get_dh_entry Name=%s unixname=%s", + name, dh->unixname)); + +@@ -737,8 +738,8 @@ + || (((statb->st_mode & S_IFMT) != S_IFDIR) && !(attrib & 0x10))); + if (okflag){ + if (unixname) +- strcpy(unixname, dh->unixname); +- strcpy((char*)search, (char*)dname); ++ strncpy(unixname, dh->unixname, sizeof(unixname)-1); ++ strncpy((char*)search, (char*)dname, len-1); + break; /* ready */ + } + } else okflag = 0; +@@ -758,7 +759,8 @@ + uint8 *fn, + int *has_wild, + uint8 *data, +- int len) ++ int len, ++ int lenn) + + /* is called from build_path */ + { +@@ -790,10 +792,10 @@ + *p1 = '\0'; + if (fn != NULL) { /* if with filename */ + if (p != NULL){ /* exist directory-path */ +- strcpy((char*)fn, (char*)p); ++ strncpy((char*)fn, (char*)p, lenn-1); + *p = '\0'; + } else { /* only filename */ +- strcpy((char*)fn, (char*)path); ++ strncpy((char*)fn, (char*)path, lenn-1); + *path= '\0'; + } + } +@@ -816,7 +818,7 @@ + (only_dir) ? 
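Review bot: In the connect.c hunk at -737, `sizeof(unixname)` in `strncpy(unixname, dh->unixname, sizeof(unixname)-1);` measures a pointer, not a buffer: the -682 hunk shows `char *unixname` in a parameter list that, judging by the `get_dh_entry` trace message, belongs to this function. The copy is therefore limited to 3 or 7 bytes and left unterminated, so callers receive a clipped path. The caller's buffer size needs to be passed in, as was done for `search` with `len`. Separately, in the -728 hunk `strncpy(dh->kpath, (char*)name, sizeof(dh->unixname)-1);` bounds the copy by the whole array although `kpath` points into its middle (the -178 hunk sets `dh->kpath = dh->unixname + strlen(dh->unixname)`); the bound should be `sizeof(dh->unixname) - (dh->kpath - dh->unixname) - 1`.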
(uint8)NULL + : path->fn, + &(path->has_wild), +- data, len); ++ data, len, sizeof(path->fn)); + + path->volume = -1; + if (only_dir) path->fn[0] = '\0'; +@@ -879,7 +881,7 @@ + uint8 *ppp=nwpath->path; + int completition=0; + +- strcpy((char*)searchpath, (char*)ppp); /* save path */ ++ strncpy((char*)searchpath, (char*)ppp, sizeof(searchpath)-1); /* save path */ + + if (nwpath->volume > -1) { /* absolute path */ + *ppp= '\0'; +@@ -892,7 +894,7 @@ + *ppp = '\0'; + } else { /* get path from dir_handle */ + NW_VOL *v = &nw_volumes[nwpath->volume]; +- strcpy((char*)ppp, (char*)dirs[dir_handle].path); ++ strncpy((char*)ppp, (char*)dirs[dir_handle].path, sizeof(nwpath->path)-1); + if (v->options & VOL_OPTION_IGNCASE) + ppp += strlen(ppp); + } +@@ -974,9 +976,9 @@ + int pathlen = strlen(nwpath->path); + int fnlen = strlen(nwpath->fn); + memcpy(unixname, v->unixname, v->unixnamlen); +- strcpy(pp, nwpath->path); ++ strncpy(pp, nwpath->path, sizeof(unixname)-v->unixnamlen-1); + if (fnlen) +- strcpy(pp+pathlen, nwpath->fn); ++ strncpy(pp+pathlen, nwpath->fn, sizeof(unixname)-v->unixnamlen-pathlen-1); + dos2unixcharset(pp); + pp += offset; + pathlen -= offset; +@@ -1008,7 +1010,7 @@ + } + + int conn_get_full_path(int dirhandle, uint8 *data, int len, +- uint8 *fullpath) ++ uint8 *fullpath, int lenn) + /* returns path in form VOLUME:PATH */ + { + NW_PATH nwpath; +@@ -1023,7 +1025,7 @@ + nw_volumes[nwpath.volume].sysname, p); + if (nwpath.fn[0]) { + if (*p) fullpath[len++]='/'; +- strcpy(fullpath+len, nwpath.fn); ++ strncpy(fullpath+len, nwpath.fn, lenn-len-1); + } + result=len+strlen(nwpath.fn); + } +@@ -1046,7 +1048,7 @@ + completition = build_dir_name(&nwpath, &stbuff, dirhandle); + if (completition > -1) { + if (unixname) +- strcpy(unixname, build_unix_name(&nwpath, 0)); ++ strncpy(unixname, build_unix_name(&nwpath, 0), 299); + completition=nwpath.volume; + } + XDPRINTF((5, 0, "conn_get_kpl_unxname: completition=0x%x", completition)); +@@ -1149,7 +1151,7 @@ + static int 
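Review bot: In the connect.c hunk at -1023, `lenn-len-1` is an `int` that goes negative once `len` reaches `lenn`, and `strncpy` then receives it as a very large `size_t`, so the bound in `strncpy(fullpath+len, nwpath.fn, lenn-len-1);` only helps while the earlier writes stayed inside the buffer. The call that fills `fullpath` before this line is only partly visible and does not appear to take `lenn`, and `fullpath[len++]='/'` is unchecked. `result=len+strlen(nwpath.fn);` also reports the untruncated length, which the caller in nwconn.c uses to compute `diffsize`. Reject the request when `len >= lenn-1` before appending, and compute `result` from what was actually stored.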
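Review bot: In the connect.c hunk at -1046, the literal `299` in `strncpy(unixname, build_unix_name(&nwpath, 0), 299);` assumes every caller passes at least a 300-byte buffer, but `unixname` is a `char *` parameter of `conn_get_kpl_unxname` (see the connect.h context) and this patch itself declares path buffers of 256 and 257 bytes elsewhere. Add a size parameter, as the patch does for `conn_get_full_path`, and terminate the result. The callers are outside this hunk, so their buffer sizes should be checked.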
do_delete_file(NW_PATH *nwpath, FUNC_SEARCH *fs) + { + char unname[256]; +- strcpy(unname, build_unix_name(nwpath, 0)); ++ strncpy(unname, build_unix_name(nwpath, 0), sizeof(unname)-1); + XDPRINTF((5,0,"DELETE FILE unname:%s:", unname)); + return(nw_unlink_node(nwpath->volume, unname, &(fs->statb))); + } +@@ -1362,12 +1364,12 @@ + + if (completition > -1) { + char qfn[256]; +- strcpy(qfn, build_unix_name(&quellpath,0)); ++ strncpy(qfn, build_unix_name(&quellpath,0), sizeof(qfn)-1); + completition=conn_get_kpl_path(&zielpath, &zstbuff, zdirhandle, z, zlen, 0); + if (completition > -1) { + char zpath[256]; + completition=0; +- strcpy(zpath, build_unix_name(&zielpath, 1)); ++ strncpy(zpath, build_unix_name(&zielpath, 1), sizeof(zpath)-1); + if (stat(qfn, &qstbuff) || + tru_eff_rights_exists(quellpath.volume, qfn, &qstbuff, + TRUSTEE_W|TRUSTEE_M|TRUSTEE_R)) +@@ -1378,7 +1380,7 @@ + } + if (!completition){ + char unziel[256]; +- strcpy(unziel, build_unix_name(&zielpath,0)); ++ strncpy(unziel, build_unix_name(&zielpath,0), sizeof(unziel)-1); + + seteuid(0); + if (entry8_flags & 0x4) /* new: 20-Nov-96 */ +@@ -1407,7 +1409,7 @@ + NW_FILE_INFO *f=(NW_FILE_INFO*)fs->ubuf; + int voloptions = get_volume_options(nwpath->volume); + struct stat statb; +- strcpy(unname, build_unix_name(nwpath, 0)); ++ strncpy(unname, build_unix_name(nwpath, 0), sizeof(unname)-1); + if (!stat(unname, &statb)) { + if (S_ISFIFO(statb.st_mode) || (voloptions&VOL_OPTION_IS_PIPE)) + return(0); /* do nothing but report OK */ +@@ -1492,7 +1494,7 @@ + } + if (completition < 0) return(completition); + voloptions=get_volume_options(nwpath.volume); +- strcpy(unname, build_unix_name(&nwpath, 2)); ++ strncpy(unname, build_unix_name(&nwpath, 2), sizeof(unname)-1); + XDPRINTF((5,0,"set file attrib 0x%x, unname:%s:", newattrib, unname)); + + if (!s_stat(unname, &stbuff, &stb)){ +@@ -1558,7 +1560,7 @@ + struct stat stb; + uint8 path[260]; + uint8 *p=path+strlen(unname); +- strcpy(path, unname); ++ strncpy(path, 
unname, sizeof(path)); + while (p > path && *p != '/') --p; + if (p > path) { + *p='\0'; +@@ -1667,7 +1669,7 @@ + dir_handle, data, len, (mode) ? 0 : 1 ); + if (completition > -1) { + char unname[256]; +- strcpy(unname, build_unix_name(&nwpath, 2)); ++ strncpy(unname, build_unix_name(&nwpath, 2), sizeof(unname)-1); + if (mode) { + completition=nw_creat_node(nwpath.volume, unname, 1); + } else { /* rmdir */ +@@ -1694,7 +1696,7 @@ + char zpath[256]; + struct stat zstbuff; + completition = 0; +- strcpy(qfn, build_unix_name(&quellpath,0)); ++ strncpy(qfn, build_unix_name(&quellpath,0), sizeof(qfn)-1); + memcpy(&zielpath, &quellpath, sizeof(NW_PATH)); + strmaxcpy(zielpath.fn, destdata, destdatalen); + +@@ -1714,7 +1716,7 @@ + */ + #endif + +- strcpy(zpath, build_unix_name(&zielpath, 1)); ++ strncpy(zpath, build_unix_name(&zielpath, 1), sizeof(zpath)-1); + if (stat(qfn, &qstbuff) || + tru_eff_rights_exists(quellpath.volume, qfn, &qstbuff, + TRUSTEE_W|TRUSTEE_M|TRUSTEE_R)) +@@ -1727,7 +1729,7 @@ + if (completition > -1){ + int result; + char unziel[256]; +- strcpy(unziel, build_unix_name(&zielpath, 0)); ++ strncpy(unziel, build_unix_name(&zielpath, 0), sizeof(unziel)-1); + + seteuid(0); + result = unx_mvdir((uint8 *)qfn, (uint8 *)unziel); +@@ -1815,7 +1817,7 @@ + NW_DIR *d = &(dirs[0]); + int namspace_max_baseh=0; + int namspace_max_searchh=0; +- strcpy((char*)nwlogin.path, (char*)login); ++ strncpy((char*)nwlogin.path, (char*)login, sizeof(nwlogin.path)-1); + nwlogin.fn[0] = '\0'; + nwlogin.volume = 0; + +@@ -1850,7 +1852,7 @@ + entry8_flags = hextoi((char*)buff); + } else if (what == 9) { /* umode */ + uint8 buf1[300], buf2[300]; +- if (2 == sscanf((char*)buff, "%s %s", buf1, buf2)) { ++ if (2 == sscanf((char*)buff, "%300s %300s", buf1, buf2)) { + default_umode_dir = octtoi(buf1); + default_umode_file = octtoi(buf2); + } +@@ -1999,7 +2001,7 @@ + &stbuff); + if (!completition) { + char unixname[300]; +- strcpy(unixname, build_unix_name(&nwpath, 0)); ++ strncpy(unixname, 
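Review bot: In the connect.c hunk at -1558, `uint8 *p=path+strlen(unname);` is computed from the source length before the copy, so when `unname` is 260 bytes or longer `p` starts beyond `path[260]` and the `while (p > path && *p != '/') --p;` scan reads outside the array; the changed line does not address that. The new bound `sizeof(path)` also leaves no byte for a terminator, unlike the `sizeof(...)-1` used elsewhere in the patch. Copy first with `strncpy((char*)path, unname, sizeof(path)-1); path[sizeof(path)-1] = '\0';` and only then set `p = path + strlen((char*)path);`. The function begins outside the hunk.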
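Review bot: In the connect.c hunk at -1850, a `%300s` conversion stores up to 300 characters plus the terminating NUL, so `sscanf((char*)buff, "%300s %300s", buf1, buf2)` can still write one byte past `buf1[300]` and `buf2[300]`. The width must be one less than the array size: `"%299s %299s"`. The same off-by-one is in the nwserv.c hunk at -851 (`%500s`, with `inhalt4[500]` visible) and the nwvolume.c hunk at -144 (`%256s`, with `umode_filestr[256]` visible).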
build_unix_name(&nwpath, 0), sizeof(unixname)-1); + if ( S_ISDIR(stbuff.st_mode) ) { + get_dir_attrib((NW_DIR_INFO*)info, unixname, &stbuff, + &nwpath); +@@ -2056,7 +2058,7 @@ + &searchsequence, + search_attrib, + unixname, +- &stbuff)){ ++ &stbuff, sizeof(nwpath.fn))){ + + if ( S_ISDIR(stbuff.st_mode) ) { + get_dir_attrib((NW_DIR_INFO*)info, unixname, &stbuff, +@@ -2086,7 +2088,7 @@ + int inode=conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len, 1); + if (inode > -1) { + uint8 unixname[257]; +- strcpy(unixname, build_unix_name(&nwpath, 0)); ++ strncpy(unixname, build_unix_name(&nwpath, 0), sizeof(unixname-1)); + inode = insert_new_dir(&nwpath, stbuff.st_dev, stbuff.st_ino, + driveletter, is_temphandle, task); + *eff_rights=tru_get_eff_rights(nwpath.volume, unixname, &stbuff); +@@ -2225,7 +2227,7 @@ + int completition = conn_get_kpl_path(&nwpath, &stbuff, + dir_handle, data, len, 0); + if (completition < 0) return(completition); +- strcpy(unname, build_unix_name(&nwpath, 0)); ++ strncpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1); + if (s_stat(unname, &stbuff, NULL) || + (!modus && !S_ISDIR(stbuff.st_mode)) ) { + completition = -0x9c; +@@ -2248,7 +2250,7 @@ + int completition = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len, 0); + if (completition > -1) { + char unixname[300]; +- strcpy(unixname, build_unix_name(&nwpath, 0)); ++ strncpy(unixname, build_unix_name(&nwpath, 0), sizeof(unixname)-1); + completition=file_creat_open(nwpath.volume, (uint8*)unixname, + &stbuff, attrib, access, creatmode, task); + +@@ -2283,7 +2285,7 @@ + up_fn(wild); + } + +- strcpy((char*)dirname, (char*)wild); ++ strncpy((char*)dirname, (char*)wild, sizeof(dirname)-1); + XDPRINTF((5,0,"SCAN_DIR: rights = 0x%x, subnr = %d", + (int)rights, (int)GET_BE16(subnr))); + +@@ -2294,7 +2296,7 @@ + &searchsequence, + 0x10, + unixname, +- &stbuff) ) { ++ &stbuff, sizeof(dirname)) ) { + + XDPRINTF((5,0,"SCAN_DIR: von %s, found %s:", dh->unixname, dirname)); + if 
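Review bot: In the connect.c hunk at -2086, `sizeof(unixname-1)` in `strncpy(unixname, build_unix_name(&nwpath, 0), sizeof(unixname-1));` is the size of a pointer, because `unixname-1` decays the `uint8 unixname[257]` array; only 4 or 8 bytes are copied and no terminator is written. The clipped, unterminated buffer is then passed to `tru_get_eff_rights`, so the rights lookup likely operates on something other than the intended path. The intended line is `strncpy((char*)unixname, build_unix_name(&nwpath, 0), sizeof(unixname)-1);` followed by `unixname[sizeof(unixname)-1] = '\0';`.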
(++aktsequence == dirsequence) { /* actual found */ +@@ -2306,7 +2308,7 @@ + un_time_2_nw(stbuff.st_mtime, subdatetime+2, 1); + return(tru_get_inherited_mask(volume, unixname, &stbuff)); + } +- strcpy((char*)dirname, (char*)wild); ++ strncpy((char*)dirname, (char*)wild, sizeof(dirname)-1); + } /* while */ + } else { + *(dh->kpath) = '.'; +@@ -2427,7 +2429,7 @@ + if (!completition) { + char unixname[300]; + NW_SCAN_DIR_INFO *scif = (NW_SCAN_DIR_INFO*)rdata; +- strcpy(unixname, build_unix_name(&nwpath, 0)); ++ strncpy(unixname, build_unix_name(&nwpath, 0), sizeof(unixname)-1); + memset(rdata, 0, sizeof(NW_SCAN_DIR_INFO)); + U32_TO_BE32((uint32)searchsequence, scif->searchsequence); + +@@ -2459,7 +2461,7 @@ + nwpath.path, nwpath.fn, completition)); + if (completition > -1) { + char unixname[300]; +- strcpy(unixname, build_unix_name(&nwpath, 2)); ++ strncpy(unixname, build_unix_name(&nwpath, 2), sizeof(unixname)-1); + if (!s_stat(unixname, &stbuff, NULL)) { + NW_DOS_DIR_INFO *d=(NW_DOS_DIR_INFO*)rdata; + memset(rdata, 0, sizeof(NW_DOS_DIR_INFO)); +@@ -2491,7 +2493,7 @@ + if (!completition) { + char unixname[300]; + uint32 change_mask=GET_32(f->change_bits); +- strcpy(unixname,build_unix_name(&nwpath, 0)); ++ strncpy(unixname,build_unix_name(&nwpath, 0), sizeof(unixname)-1); + if (change_mask & 0x2) { + completition=set_nw_attrib_dword(nwpath.volume, unixname, &stbuff, + GET_32(f->u.f.attributes)); +@@ -2610,7 +2612,7 @@ + NW_PATH nwpath; + int result = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len, 0); + if (result < 0) return(result); +- strcpy(unname, build_unix_name(&nwpath, 0)); ++ strncpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1); + if (s_stat(unname, &stbuff, NULL) || + (!extended && !S_ISDIR(stbuff.st_mode)) ) { + result = -0x9c; +@@ -2634,7 +2636,7 @@ + NW_PATH nwpath; + int result = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len, 0); + if (result < 0) return(result); +- strcpy(unname, build_unix_name(&nwpath, 0)); ++ 
strncpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1); + if (s_stat(unname, &stbuff, NULL) || + (!extended && !S_ISDIR(stbuff.st_mode)) ) { + result = -0x9c; +@@ -2653,7 +2655,7 @@ + NW_PATH nwpath; + int result = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len,0); + if (result < 0) return(result); +- strcpy(unname, build_unix_name(&nwpath, 0)); ++ strncpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1); + if (s_stat(unname, &stbuff, NULL) || !S_ISDIR(stbuff.st_mode)) { + result = -0x9c; + } else { +@@ -2695,7 +2697,7 @@ + int result = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, path, len, + (extended) ? 0 : 1); + if (result < 0) return(result); +- strcpy(unname, build_unix_name(&nwpath, 0)); ++ strncpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1); + if (s_stat(unname, &stbuff, NULL) || + (!extended && !S_ISDIR(stbuff.st_mode)) ) { + result = -0x9c; +Index: connect.h +=================================================================== +RCS file: /usr/local/cvsrp/mars/connect.h,v +retrieving revision 1.1.1.2 +retrieving revision 1.2 +diff -u -r1.1.1.2 -r1.2 +--- connect.h 1999/06/04 09:37:55 1.1.1.2 ++++ connect.h 1999/09/27 07:51:48 1.2 +@@ -210,7 +210,7 @@ + extern int entry8_flags; /* special flags, see examples nw.ini, entry 8 */ + + extern int conn_get_full_path(int dirhandle, uint8 *data, int len, +- uint8 *fullpath); ++ uint8 *fullpath, int lenn); + + extern int conn_get_kpl_unxname(char *unixname, + int dirhandle, +Index: ipxif.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/ipxif.c,v +retrieving revision 1.1.1.2 +retrieving revision 1.2 +diff -u -r1.1.1.2 -r1.2 +Index: nameos2.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/nameos2.c,v +retrieving revision 1.1.1.1 +retrieving revision 1.2 +diff -u -r1.1.1.1 -r1.2 +--- nameos2.c 1999/01/28 06:21:36 1.1.1.1 ++++ nameos2.c 1999/09/27 07:51:48 1.2 +@@ -116,7 
+116,7 @@ + } + #endif + +-void mangle_os2_name(NW_VOL *vol, uint8 *unixname, uint8 *pp) ++void mangle_os2_name(NW_VOL *vol, uint8 *unixname, uint8 *pp, int len) + { + #if MAX_NAME_OS2_CACHE + int k = -1; +@@ -149,7 +149,7 @@ + new_str(b->cache[0], pp); + } + } else { +- strcpy(pp, b->cache[besthit]); ++ strncpy(pp, b->cache[besthit], len-1); + if (besthit > 2) { + uint8 *sp=b->cache[besthit]; + while (besthit--) { +Index: nameos2.h +=================================================================== +RCS file: /usr/local/cvsrp/mars/nameos2.h,v +retrieving revision 1.1.1.1 +retrieving revision 1.2 +diff -u -r1.1.1.1 -r1.2 +--- nameos2.h 1999/01/28 06:21:36 1.1.1.1 ++++ nameos2.h 1999/09/27 07:51:48 1.2 +@@ -7,7 +7,7 @@ + #define _NAMEOS2_H_ + #if WITH_NAME_SPACE_CALLS + +-extern void mangle_os2_name(NW_VOL *vol, uint8 *unixname, uint8 *pp); ++extern void mangle_os2_name(NW_VOL *vol, uint8 *unixname, uint8 *pp, int len); + extern int fn_os2_match(uint8 *s, uint8 *p, int soptions); + + #endif +Index: namspace.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/namspace.c,v +retrieving revision 1.1.1.3 +retrieving revision 1.2 +diff -u -r1.1.1.3 -r1.2 +--- namspace.c 1999/06/04 09:37:56 1.1.1.3 ++++ namspace.c 1999/09/27 07:51:48 1.2 +@@ -617,7 +617,7 @@ + if (nwpath->namespace == NAME_OS2) { + dos2unixcharset(pp); + pp+=npbeg; +- mangle_os2_name(v, unixname, pp); ++ mangle_os2_name(v, unixname, pp, sizeof(unixname)-v->unixnamlen-npbeg); + if (nplen > 0) { + unix2doscharset(pp); + memcpy(nwpath->path+npbeg, pp, nplen); +Index: nwattrib.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/nwattrib.c,v +retrieving revision 1.1.1.1 +retrieving revision 1.2 +diff -u -r1.1.1.1 -r1.2 +--- nwattrib.c 1999/01/28 06:21:36 1.1.1.1 ++++ nwattrib.c 1999/09/27 07:51:48 1.2 +@@ -33,7 +33,7 @@ + int l; + uint8 buf_uc[4]; + U32_TO_BE32(inode, buf_uc); +- l=sprintf(buf, 
"%s/%x/%x/%x/%x", path_attributes, ++ l=snprintf(buf, sizeof(buf), "%s/%x/%x/%x/%x", path_attributes, + dev, + (int) buf_uc[0], + (int) buf_uc[1], +@@ -52,7 +52,7 @@ + char buf[255]; + uint8 buf_uc[4]; + U32_TO_BE32(inode, buf_uc); +- sprintf(buf, "%s/%x/%x/%x/%x/%x", path_attributes, ++ snprintf(buf, sizeof(buf), "%s/%x/%x/%x/%x/%x", path_attributes, + dev, + (int) buf_uc[0], + (int) buf_uc[1], +@@ -71,7 +71,7 @@ + int l; + uint8 buf_uc[4]; + U32_TO_BE32(inode, buf_uc); +- sprintf(buf, "%s/%x/%x/%x/%x/%x", path_attributes, ++ snprintf(buf, sizeof(buf), "%s/%x/%x/%x/%x/%x", path_attributes, + dev, + (int) buf_uc[0], + (int) buf_uc[1], +Index: nwbind.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/nwbind.c,v +retrieving revision 1.1.1.4 +retrieving revision 1.2 +diff -u -r1.1.1.4 -r1.2 +--- nwbind.c 1999/06/04 09:37:58 1.1.1.4 ++++ nwbind.c 1999/09/27 07:51:48 1.2 +@@ -416,7 +416,7 @@ + } *xdata = (struct XDATA*) responsedata; + int k, i, h; + memset(xdata, 0, sizeof(struct XDATA)); +- strcpy(xdata->servername, my_nwname); ++ strncpy(xdata->servername, my_nwname, sizeof(xdata->servername)-1); + if (!tells_server_version) { + xdata->version = 2; + xdata->subversion = 15; +Index: nwconn.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/nwconn.c,v +retrieving revision 1.1.1.4 +retrieving revision 1.2 +diff -u -r1.1.1.4 -r1.2 +--- nwconn.c 1999/06/04 09:37:59 1.1.1.4 ++++ nwconn.c 1999/09/27 07:51:48 1.2 +@@ -1129,7 +1129,7 @@ + uint8 *path = rdata+3+q_name_len+2; + uint8 new_path[257]; + int result = conn_get_full_path(*dirhandle, +- path, pathlen, new_path); ++ path, pathlen, new_path, sizeof(new_path)); + if (result > -1) { + int diffsize = result - pathlen; + *dirhandle = 0; +Index: nwdbm.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/nwdbm.c,v +retrieving revision 1.1.1.3 +retrieving revision 1.2 
+diff -u -r1.1.1.3 -r1.2 +--- nwdbm.c 1999/03/07 09:02:42 1.1.1.3 ++++ nwdbm.c 1999/09/27 07:51:49 1.2 +@@ -2362,7 +2362,7 @@ + pp=directory; + state++; + } else if (state==3) { +- strcpy(command, p-1); ++ strncpy(command, p-1, sizeof(command)-1); + break; + } + } +Index: nwfile.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/nwfile.c,v +retrieving revision 1.1.1.3 +retrieving revision 1.2 +diff -u -r1.1.1.3 -r1.2 +--- nwfile.c 1999/06/04 09:38:00 1.1.1.3 ++++ nwfile.c 1999/09/27 07:51:49 1.2 +@@ -100,7 +100,7 @@ + fh->st_ino = 0; + fh->access = 0; + fh->inuse = 0; +- strcpy((char*)fh->fname, (char*)unixname); ++ strncpy((char*)fh->fname, (char*)unixname, sizeof(fh->fname)-1); + fh->fh_flags = 0; + fh->f = NULL; + fh->volume = volume; +@@ -699,7 +699,7 @@ + { + if (NULL == fh->f) { + char pipecommand[512]; +- sprintf(pipecommand, "%s %s %d %d", ++ snprintf(pipecommand, sizeof(pipecommand), "%s %s %d %d", + fh->fname, + dowrite ? "WRITE" : "READ", + act_connection, act_pid); +Index: nwqconn.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/nwqconn.c,v +retrieving revision 1.1.1.2 +retrieving revision 1.2 +diff -u -r1.1.1.2 -r1.2 +--- nwqconn.c 1999/01/28 06:24:10 1.1.1.2 ++++ nwqconn.c 1999/09/27 07:51:49 1.2 +@@ -212,7 +212,7 @@ + FILE *f=NULL; + if (prc_len && *(prc+prc_len-1)=='!'){ + strmaxcpy((uint8*)buff, prc, prc_len-1); +- sprintf(printcommand, "%s %s %s", buff, ++ snprintf(printcommand, sizeof(printcommand), "%s %s %s", buff, + qpa.banner_user_name, qpa.banner_file_name); + } else + strmaxcpy((uint8*)printcommand, prc, prc_len); +Index: nwserv.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/nwserv.c,v +retrieving revision 1.1.1.2 +retrieving revision 1.2 +diff -u -r1.1.1.2 -r1.2 +--- nwserv.c 1999/01/28 06:24:12 1.1.1.2 ++++ nwserv.c 1999/09/27 07:51:49 1.2 +@@ -851,7 +851,7 @@ + char 
inhalt4[500]; + char dummy; + int anz; +- if ((anz=sscanf((char*)buff, "%s %s %s %s", inhalt, inhalt2, ++ if ((anz=sscanf((char*)buff, "%500s %500s %500s %500s", inhalt, inhalt2, + inhalt3, inhalt4)) > 0) { + switch (what) { + case 2 : if (full) { +@@ -1287,7 +1287,7 @@ + int frame=-1; + uint32 netnum=0L; + char buf[256]; +- strcpy(buf, argv[j+2]); ++ strncpy(buf, argv[j+2], sizeof(buf)-1); + upstr(buf); + if (!strcmp(buf, "802.3")) + frame=IPX_FRAME_8023; +Index: nwvolume.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/nwvolume.c,v +retrieving revision 1.1.1.2 +retrieving revision 1.2 +diff -u -r1.1.1.2 -r1.2 +--- nwvolume.c 1999/01/28 06:24:13 1.1.1.2 ++++ nwvolume.c 1999/09/27 07:51:49 1.2 +@@ -144,7 +144,7 @@ + uint8 umode_filestr[256]; + uint8 *p; + int len; +- int founds = sscanf((char*)buff, "%s %s %s %s %s", ++ int founds = sscanf((char*)buff, "%256s %256s %256s %256s %256s", + sysname, unixname, optionstr, umode_dirstr, umode_filestr); + if (founds > 1) { + NW_VOL *vol=&(nw_volumes[used_nw_volumes]); +@@ -341,9 +341,9 @@ + flen = 0; + fname = ""; + } else { +- strcpy(fullname, unixname); ++ strncpy(fullname, unixname, sizeof(fullname)-1); + /* concatenation $HOME/ and add/on/ */ +- strcpy(fullname + homepathlen, nw_volumes[k].homeaddon); ++ strncpy(fullname + homepathlen, nw_volumes[k].homeaddon, sizeof(fullname)-homepathlen-1); + fname = fullname; + flen = homepathlen + nw_volumes[k].addonlen; + } +@@ -666,10 +666,10 @@ + uint8 trusteepath[500]; + uint8 *p; + free_vol_trustee(v); +- strcpy(trusteepath, path_trustees); ++ strncpy(trusteepath, path_trustees, sizeof(trusteepath)-1); + p=trusteepath+strlen(trusteepath); + *p++='/'; +- strcpy(p, v->sysname); ++ strncpy(p, v->sysname, sizeof(trusteepath)-strlen(p)-1); + p+=strlen(v->sysname); + *p++='/'; + *p='\0'; +Index: trustee.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/trustee.c,v +retrieving 
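Review bot: In the nwvolume.c hunk at -666, the bound `sizeof(trusteepath)-strlen(p)-1` measures the wrong thing: `p` points at the first unwritten byte after the `'/'` just stored, so `strlen(p)` reads uninitialized stack contents instead of giving the space already used. Use the offset instead, `strncpy((char*)p, (char*)v->sysname, sizeof(trusteepath) - (p - trusteepath) - 1);`, and terminate the array. `p=trusteepath+strlen(trusteepath)` also depends on the first `strncpy` having written a terminator, and `p+=strlen(v->sysname)` advances by the source length even when the copy was cut short, so the following `*p++='/'` can land outside the 500-byte buffer. Building the prefix with one `snprintf(trusteepath, sizeof(trusteepath), "%s/%s/", path_trustees, v->sysname)` and checking its return value would avoid the piecewise arithmetic; how `p` is used afterwards is outside the hunk.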
revision 1.1.1.2 +retrieving revision 1.2 +diff -u -r1.1.1.2 -r1.2 +--- trustee.c 1999/01/28 06:24:14 1.1.1.2 ++++ trustee.c 1999/09/27 07:51:49 1.2 +@@ -283,7 +283,7 @@ + char volname[100]; + if (nw_get_volume_name(volume, volname) < 1) return; + U32_TO_BE32(inode, buf_uc); +- sprintf(buf, "%s/%s/%x/%x/%x/%x/n.%x", path_trustees, volname, ++ snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/n.%x", path_trustees, volname, + dev, + (int) buf_uc[0], + (int) buf_uc[1], +@@ -306,7 +306,7 @@ + char volname[100]; + if (nw_get_volume_name(volume, volname) < 1) return(-0xff); + U32_TO_BE32(inode, buf_uc); +- l=sprintf(buf, "%s/%s/%x/%x/%x/%x/t.%x", path_trustees, volname, ++ l=snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/t.%x", path_trustees, volname, + dev, + (int) buf_uc[0], + (int) buf_uc[1], +@@ -328,7 +328,7 @@ + char volname[100]; + if (nw_get_volume_name(volume, volname) < 1) return(result); + U32_TO_BE32(inode, buf_uc); +- sprintf(buf, "%s/%s/%x/%x/%x/%x/t.%x/%x", path_trustees, volname, ++ snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/t.%x/%x", path_trustees, volname, + dev, + (int) buf_uc[0], + (int) buf_uc[1], +@@ -351,7 +351,7 @@ + int len; + unsigned int sernum=0; + if (nw_get_volume_name(volume, volname) < 1) return(-1); +- sprintf(buf, "%s/%s/ts", path_trustees, volname); ++ snprintf(buf, sizeof(buf), "%s/%s/ts", path_trustees, volname); + len=readlink(buf, buf1, sizeof(buf1)-1); + if (len>0) { + buf1[len]='\0'; +@@ -380,7 +380,7 @@ + char volname[100]; + if (nw_get_volume_name(volume, volname) < 1) return; + U32_TO_BE32(inode, buf_uc); +- len=sprintf(buf, "%s/%s/%x/%x/%x/%x/", path_trustees, volname, ++ len=snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/", path_trustees, volname, + dev, + (int) buf_uc[0], + (int) buf_uc[1], +@@ -438,7 +438,7 @@ + + (void)nw_get_volume_name(volume, volname); + +- l=sprintf(buf, "%s/%s/%x/%x/%x/%x/t.%x", path_trustees, volname, ++ l=snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/t.%x", path_trustees, volname, + dev, + (int) 
buf_uc[0], + (int) buf_uc[1], +@@ -458,7 +458,7 @@ + int len; + unsigned int id; + if (1 == sscanf(dirbuff->d_name, "%x", &id)) { +- strcpy(p, dirbuff->d_name); ++ strncpy(p, dirbuff->d_name, sizeof(buf)-l-1); + len=readlink(buf, btrustee, 254); + if (len > 0) { + unsigned int utrustee=0; +Index: unxfile.c +=================================================================== +RCS file: /usr/local/cvsrp/mars/unxfile.c,v +retrieving revision 1.1.1.2 +retrieving revision 1.2 +diff -u -r1.1.1.2 -r1.2 +--- unxfile.c 1999/01/28 06:24:15 1.1.1.2 ++++ unxfile.c 1999/09/27 07:51:49 1.2 +@@ -84,7 +84,7 @@ + ( dirbuff->d_name[0] != '.' + || (dirbuff->d_name[1] != '\0' && + (dirbuff->d_name[1] != '.' || dirbuff->d_name[2] != '\0')))) { +- strcpy(p, dirbuff->d_name); ++ strncpy(p, dirbuff->d_name, len+300+len-1); + if (unlink(buf) && unx_xrmdir(buf)) { + errorp(1, "unx_xrmdir", "cannot remove '%s'", buf); + break; +@@ -105,7 +105,7 @@ + if (!stat(newname, &statb)) return(EEXIST); + if (stat(oldname, &statb)) return(-1); + else if (!S_ISDIR(statb.st_mode)) return(-1); +- sprintf(command, "mv %s %s 2>&1 >/dev/null" , oldname, newname); ++ snprintf(command, sizeof(command)-1, "mv %s %s 2>&1 >/dev/null" , oldname, newname); + return(system(command)); + } + #endif Index: doc/README.FREEBSD =================================================================== RCS file: /usr/local/cvsrp/mars/doc/README.FREEBSD,v diff --git a/net/mars_nwe/pkg-plist b/net/mars_nwe/pkg-plist index d3c746524dc1..8a1585d99c16 100644 --- a/net/mars_nwe/pkg-plist +++ b/net/mars_nwe/pkg-plist @@ -1,3 +1,4 @@ +etc/nwserv.conf.example sbin/nwserv sbin/ncpserv sbin/nwbind -- cgit v1.2.3
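Review bot: In the trustee.c hunk at -458, `sizeof(buf)-l-1` uses `l` from the `snprintf` in the -438 hunk, and `snprintf` returns the length the output would have had, not the number of bytes stored. If the formatted path was truncated, `l` is at least `sizeof(buf)`, the subtraction wraps to a very large `size_t`, and `strncpy(p, dirbuff->d_name, ...)` is effectively unbounded. Add `if (l < 0 || (size_t)l >= sizeof(buf))` right after the `snprintf` and bail out before `l` is used; `p` is assumed to be `buf+l`, which is not visible here. The return value is stored the same way in the nwattrib.c hunk at -33 and the trustee.c hunks at -306 and -380, where its later use lies outside the hunks and should be checked.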
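Review bot: In the unxfile.c hunk at -84, the bound `len+300+len-1` counts `len` twice and does not look like the space remaining after `p`. Neither the allocation of `buf` nor the assignment of `p` is inside the hunk, so this needs confirming against the full function, but if `buf` holds `len+300` bytes, as the expression suggests, the limit exceeds any possible remainder and the copy is not terminated on truncation. Derive the bound from the real allocation size minus `(p - buf)`, and write the terminator explicitly.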
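Review bot: In the unxfile.c hunk at -105, bounding the buffer does not make `system(command)` safe: `oldname` and `newname` are pasted unquoted into a shell command line, so any space or shell metacharacter in a directory name is interpreted by the shell, and this appears to be the `unx_mvdir` that connect.c calls right after `seteuid(0)`. With `snprintf`, an over-long name now also produces a truncated command that is still executed. Replace the shell call with `return(rename(oldname, newname));`, adding a `fork`/`execl("/bin/mv", "mv", oldname, newname, (char*)0)` path only if cross-device moves must be supported. The size argument should be `sizeof(command)`, not `sizeof(command)-1`, since `snprintf` already reserves the terminator.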