Subject: ed segfault
To: None <tech-userlevel@netbsd.org>
From: None <hypnosses@pulltheplug.org>
List: tech-userlevel
Date: 06/09/2006 12:26:10
ed segfaults when given a large string, due to strcpy(); below is a possible fix.
--------------------------------
? patch
Index: main.c
===================================================================
RCS file: /cvsroot/src/bin/ed/main.c,v
retrieving revision 1.17
diff -u -r1.17 main.c
--- main.c 26 Jun 2005 19:10:49 -0000 1.17
+++ main.c 9 Jun 2006 19:25:03 -0000
@@ -177,7 +177,7 @@
if (read_file(*argv, 0) < 0 && !isatty(0))
quit(2);
else if (**argv != '!')
- strcpy(old_filename, *argv);
+ strlcpy(old_filename, *argv, MAXPATHLEN - 1);
} else if (argc) {
fputs("?\n", stderr);
if (**argv == '\0')
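Review bot: The return value of `strlcpy` is discarded here, so an over-long name is silently truncated and `old_filename` ends up naming a different path than the one just passed to `read_file`; the same applies to the four later hunks (-510, -537, -668, -802). Those hunks show `old_filename` serving as the remembered file name, so a truncated value could make a later command act on the wrong file. Consider rejecting the name instead, e.g. `if (strlcpy(old_filename, fnp, sizeof(old_filename)) >= sizeof(old_filename)) { sprintf(errmsg, "filename too long"); return ERR; }` in the command hunks, with the equivalent error path here. The bound `MAXPATHLEN - 1` also assumes the buffer is at least that large; the declaration of `old_filename` is outside the diff, and since `strlcpy` already reserves room for the terminator, passing the buffer's real size (if it is an array) would be safer. The enclosing function starts and ends outside this hunk.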
@@ -510,7 +510,7 @@
return ERR;
else if (open_sbuf() < 0)
return FATAL;
- if (*fnp && *fnp != '!') strcpy(old_filename, fnp);
+ if (*fnp && *fnp != '!') strlcpy(old_filename, fnp,
MAXPATHLEN - 1);
#ifdef BACKWARDS
if (*fnp == '\0' && *old_filename == '\0') {
sprintf(errmsg, "no current filename");
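Review bot: The added `strlcpy` line is split across two lines, which gives the new side eight lines against the `+510,7` header, so this hunk will probably be rejected by patch(1) as posted. This may be mail wrapping rather than the author's intent. Rejoin it as `if (*fnp && *fnp != '!') strlcpy(old_filename, fnp, MAXPATHLEN - 1);`, or move the call to its own line under the `if` so the statement stays short enough not to wrap.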
@@ -537,7 +537,7 @@
return ERR;
}
GET_COMMAND_SUFFIX();
- if (*fnp) strcpy(old_filename, fnp);
+ if (*fnp) strlcpy(old_filename, fnp, MAXPATHLEN - 1);
printf("%s\n", strip_escapes(old_filename));
break;
case 'g':
@@ -668,7 +668,7 @@
GET_COMMAND_SUFFIX();
if (!isglobal) clear_undo_stack();
if (*old_filename == '\0' && *fnp != '!')
- strcpy(old_filename, fnp);
+ strlcpy(old_filename, fnp, MAXPATHLEN - 1);
#ifdef BACKWARDS
if (*fnp == '\0' && *old_filename == '\0') {
sprintf(errmsg, "no current filename");
@@ -802,7 +802,7 @@
return ERR;
GET_COMMAND_SUFFIX();
if (*old_filename == '\0' && *fnp != '!')
- strcpy(old_filename, fnp);
+ strlcpy(old_filename, fnp,MAXPATHLEN - 1);
#ifdef BACKWARDS
if (*fnp == '\0' && *old_filename == '\0') {
sprintf(errmsg, "no current filename");