Subject: bin/24559: sushi(8) shows forms with incomplete lines
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <peter@pointless.nl>
List: netbsd-bugs
Date: 02/25/2004 22:45:08
>Number: 24559
>Category: bin
>Synopsis: sushi(8) shows forms with incomplete lines
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Feb 25 21:47:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Peter Postma
>Release: NetBSD 1.6ZK
>Organization:
>Environment:
System: NetBSD mercury.pointless.nl 1.6ZK NetBSD 1.6ZK (mercury) #25: Mon Feb 23 15:42:28 CET 2004 root@mercury.pointless.nl:/usr/obj/sys/arch/sparc64/compile/mercury sparc64
Architecture: sparc64
Machine: sparc64
>Description:
sushi(8) shows forms with incomplete lines. There are 3 missing chars.
This bug was introduced during the strcpy/strcat audit.
>How-To-Repeat:
Start sushi(8). System Maintenance -> Edit inetd.conf.
>Fix:
Index: scanform.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/sushi/scanform.c,v
retrieving revision 1.31
diff -u -r1.31 scanform.c
--- scanform.c 12 Nov 2003 13:31:08 -0000 1.31
+++ scanform.c 25 Feb 2004 21:25:24 -0000
@@ -579,7 +579,7 @@
size_t l;
if (f) {
- tmp = realloc(x->v, sizeof(char *) * (strlen(x->v)+2));
+ tmp = realloc(x->v, sizeof(char *) * (strlen(x->v) + 3));
if (tmp == NULL)
bailout("realloc: %s", strerror(errno));
x->v = tmp;
@@ -589,11 +589,11 @@
bailout("malloc: %s", strerror(errno));
if (x->required == 1)
- (void)strlcpy(tmp, "* ", l);
+ (void)strncpy(tmp, "* ", l);
else
- (void)strlcpy(tmp, " ", l);
- (void)strlcat(tmp, x->v, l);
- (void)strlcpy(x->v, tmp, l + 2);
+ (void)strncpy(tmp, " ", l);
+ (void)strncat(tmp, x->v, l);
+ (void)strlcpy(x->v, tmp, l + 3);
set_field_buffer(f, 0, x->v);
free(tmp);
field_opts_off(f, O_ACTIVE);
>Release-Note:
>Audit-Trail:
>Unformatted: