Source-Changes-HG archive


[src/trunk]: src/libexec/tftpd make sure we do not overrun packet buffer when...



details:   https://anonhg.NetBSD.org/src/rev/12a5ba12618c
branches:  trunk
changeset: 499514:12a5ba12618c
user:      itojun <itojun%NetBSD.org@localhost>
date:      Tue Nov 21 13:50:25 2000 +0000

description:
make sure we do not overrun packet buffer when we set error message string.

diffstat:

 libexec/tftpd/tftpd.c |  17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diffs (49 lines):

diff -r 0193ae81ab78 -r 12a5ba12618c libexec/tftpd/tftpd.c
--- a/libexec/tftpd/tftpd.c     Tue Nov 21 13:39:07 2000 +0000
+++ b/libexec/tftpd/tftpd.c     Tue Nov 21 13:50:25 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tftpd.c,v 1.20 2000/11/21 13:39:07 itojun Exp $        */
+/*     $NetBSD: tftpd.c,v 1.21 2000/11/21 13:50:25 itojun Exp $        */
 
 /*
  * Copyright (c) 1983, 1993
@@ -40,7 +40,7 @@
 #if 0
 static char sccsid[] = "@(#)tftpd.c    8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: tftpd.c,v 1.20 2000/11/21 13:39:07 itojun Exp $");
+__RCSID("$NetBSD: tftpd.c,v 1.21 2000/11/21 13:50:25 itojun Exp $");
 #endif
 #endif /* not lint */
 
@@ -774,23 +774,24 @@
        struct tftphdr *tp;
        int length;
        const struct errmsg *pe;
+       size_t msglen;
 
        tp = (struct tftphdr *)buf;
        tp->th_opcode = htons((u_short)ERROR);
+       msglen = sizeof(buf) - (&tp->th_msg[0] - buf);
        for (pe = errmsgs; pe->e_code >= 0; pe++)
                if (pe->e_code == error)
                        break;
        if (pe->e_code < 0) {
                tp->th_code = EUNDEF;   /* set 'undef' errorcode */
-               strcpy(tp->th_msg, strerror(error - 100));
+               strlcpy(tp->th_msg, strerror(error - 100), msglen);
        } else {
                tp->th_code = htons((u_short)error);
-               strcpy(tp->th_msg, pe->e_msg);
+               strlcpy(tp->th_msg, pe->e_msg, msglen);
        }
-       length = strlen(pe->e_msg);
-       tp->th_msg[length] = '\0';
-       length += 5;
-       if (send(peer, buf, length, 0) != length)
+       length = strlen(tp->th_msg);
+       msglen = &tp->th_msg[length + 1] - buf;
+       if (send(peer, buf, msglen, 0) != msglen)
                syslog(LOG_ERR, "nak: %m");
 }
 
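Review bot: The new bound `msglen = sizeof(buf) - (&tp->th_msg[0] - buf);` is only the packet capacity if `buf` is a real array at this point. Its declaration lies outside the hunk, as does the start of the function, so this cannot be confirmed from here; with a pointer, `sizeof(buf)` would give the pointer size and the `strlcpy` limit would be wrong without any warning. A comment next to that line such as `/* buf must be an array: sizeof(buf) is the packet buffer size */` would record the assumption. Separately, `msglen` is reused for the total packet length and compared with the signed return of `send()`; the error path still triggers because -1 converts to a large unsigned value, but `if (send(peer, buf, msglen, 0) != (ssize_t)msglen)` states the intent directly. The `strlcpy` return values are also unchecked, so a truncated error string is sent silently; that is probably acceptable for a NAK, but worth a one-line comment.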


