Subject: bin/2286: diskpart "uses gets(), which is unsafe"
To: None <gnats-bugs@NetBSD.ORG>
From: Matt Beal <beal@umiacs.umd.edu>
List: netbsd-bugs
Date: 04/02/1996 00:48:55
>Number: 2286
>Category: bin
>Synopsis: diskpart "uses gets(), which is unsafe"
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Apr 2 01:20:03 1996
>Last-Modified:
>Originator: Matt Beal
>Organization:
UMIACS, University of Maryland
>Release: 1.1B - supped 3/21
>Environment:
System: NetBSD dilbert.umiacs.umd.edu 1.1B NetBSD 1.1B (DILBERT) #17: Fri Mar 22 17:19:15 EST 1996 root@:/usr/src-1.1B/sys/arch/i386/compile/DILBERT i386
>Description:
/usr/sbin/diskpart "uses gets(), which is unsafe"
>How-To-Repeat:
N/A
>Fix:
diff -c -r1.1 -r1.2
*** /usr/src/usr.sbin/diskpart/diskpart.c 1996/04/02 05:40:13 1.1
--- /usr/src/usr.sbin/diskpart/diskpart.c 1996/04/02 05:41:55 1.2
***************
*** 362,379 ****
register struct disklabel *dp = &disk;
register struct field *fp;
register i;
! char buf[BUFSIZ], **tp, *cp, *gets();
strncpy(dp->d_typename, name, sizeof(dp->d_typename));
fprintf(stderr,
"%s: unknown disk type, want to supply parameters (y/n)? ",
name);
! (void) gets(buf);
if (*buf != 'y')
return ((struct disklabel *)0);
for (;;) {
fprintf(stderr, "Disk/controller type (%s)? ", dktypenames[1]);
! (void) gets(buf);
if (buf[0] == 0)
dp->d_type = 1;
else
--- 362,379 ----
register struct disklabel *dp = &disk;
register struct field *fp;
register i;
! char buf[BUFSIZ], **tp, *cp;
strncpy(dp->d_typename, name, sizeof(dp->d_typename));
fprintf(stderr,
"%s: unknown disk type, want to supply parameters (y/n)? ",
name);
! (void) fgets(buf, BUFSIZ, stdin);
if (*buf != 'y')
return ((struct disklabel *)0);
for (;;) {
fprintf(stderr, "Disk/controller type (%s)? ", dktypenames[1]);
! (void) fgets(buf, BUFSIZ, stdin);
if (buf[0] == 0)
dp->d_type = 1;
else
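Review bot: fgets() keeps the trailing newline that gets() discarded, so the `if (buf[0] == 0)` test after the Disk/controller type prompt can no longer be true and an empty answer stops selecting the default. The same regression hits the `strcmp(buf, "removable")` and `strcmp(buf, "simulated")` comparisons in the 389 hunk, the `*cp == '\0'` test in the 412 hunk, and the `buf[0] == 0` tests in the 428 and 436 hunks. In the 436 hunk a bare <cr> no longer ends the drive-data loop early, and `atol(buf)` is applied to the newline instead. I would strip the newline after every call, e.g. `buf[strcspn(buf, "\n")] = '\0';`, which assumes <string.h> is already included for the existing strcmp/strncpy calls. The enclosing function begins before this hunk and continues past it.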
***************
*** 389,395 ****
gettype:
dp->d_flags = 0;
fprintf(stderr, "type (winchester|removable|simulated)? ");
! (void) gets(buf);
if (strcmp(buf, "removable") == 0)
dp->d_flags = D_REMOVABLE;
else if (strcmp(buf, "simulated") == 0)
--- 389,395 ----
gettype:
dp->d_flags = 0;
fprintf(stderr, "type (winchester|removable|simulated)? ");
! (void) fgets(buf, BUFSIZ, stdin);
if (strcmp(buf, "removable") == 0)
dp->d_flags = D_REMOVABLE;
else if (strcmp(buf, "simulated") == 0)
***************
*** 403,409 ****
if (dp->d_type == DTYPE_SMD)
fprintf(stderr, "Do %ss support bad144 bad block forwarding (yes)? ",
dp->d_typename);
! (void) gets(buf);
if (*buf != 'n')
dp->d_flags |= D_BADSECT;
for (fp = fields; fp->f_name != NULL; fp++) {
--- 403,409 ----
if (dp->d_type == DTYPE_SMD)
fprintf(stderr, "Do %ss support bad144 bad block forwarding (yes)? ",
dp->d_typename);
! (void) fgets(buf, BUFSIZ, stdin);
if (*buf != 'n')
dp->d_flags |= D_BADSECT;
for (fp = fields; fp->f_name != NULL; fp++) {
***************
*** 412,418 ****
if (fp->f_defaults != NULL)
fprintf(stderr, "(%s)", fp->f_defaults);
fprintf(stderr, "? ");
! cp = gets(buf);
if (*cp == '\0') {
if (fp->f_defaults == NULL) {
fprintf(stderr, "no default value\n");
--- 412,418 ----
if (fp->f_defaults != NULL)
fprintf(stderr, "(%s)", fp->f_defaults);
fprintf(stderr, "? ");
! cp = fgets(buf, BUFSIZ, stdin);
if (*cp == '\0') {
if (fp->f_defaults == NULL) {
fprintf(stderr, "no default value\n");
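Review bot: `cp = fgets(buf, BUFSIZ, stdin)` yields NULL at end of file or on a read error, and the next line dereferences `*cp` without a check. gets() had the same return convention, so the dereference predates this change, but the patch is the natural place to close it: `if ((cp = fgets(buf, sizeof(buf), stdin)) == NULL) return ((struct disklabel *)0);`. That assumes a null return is the right way to abandon the dialogue, as it is for a non-'y' answer in the 362 hunk. The calls in the other hunks discard the result with `(void)`, so at EOF they test whatever buf held from the previous prompt (uninitialized at the very first one) and need the same check. The loop this line sits in starts and ends outside the hunk.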
***************
*** 428,434 ****
}
fprintf(stderr, "sectors/cylinder (%d)? ",
dp->d_nsectors * dp->d_ntracks);
! (void) gets(buf);
if (buf[0] == 0)
dp->d_secpercyl = dp->d_nsectors * dp->d_ntracks;
else
--- 428,434 ----
}
fprintf(stderr, "sectors/cylinder (%d)? ",
dp->d_nsectors * dp->d_ntracks);
! (void) fgets(buf, BUFSIZ, stdin);
if (buf[0] == 0)
dp->d_secpercyl = dp->d_nsectors * dp->d_ntracks;
else
***************
*** 436,442 ****
fprintf(stderr, "Drive-type-specific parameters, <cr> to terminate:\n");
for (i = 0; i < NDDATA; i++) {
fprintf(stderr, "d%d? ", i);
! (void) gets(buf);
if (buf[0] == 0)
break;
dp->d_drivedata[i] = atol(buf);
--- 436,442 ----
fprintf(stderr, "Drive-type-specific parameters, <cr> to terminate:\n");
for (i = 0; i < NDDATA; i++) {
fprintf(stderr, "d%d? ", i);
! (void) fgets(buf, BUFSIZ, stdin);
if (buf[0] == 0)
break;
dp->d_drivedata[i] = atol(buf);
>Audit-Trail:
>Unformatted: