[src/trunk]: src/usr.bin/ftp line2 may overrun if line is too long (> 200). ...

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/ff59e5e17d8c
branches:  trunk
changeset: 521529:ff59e5e17d8c
user:      itojun <itojun%NetBSD.org@localhost>
date:      Fri Feb 01 05:04:43 2002 +0000

description:
line2 may overrun if line is too long (> 200).  be more careful on strcpy.
XXX strlen(argv[x]) should be checked before copies.

diffstat:

 usr.bin/ftp/domacro.c |  16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)

diffs (65 lines):

diff -r df0178bc495e -r ff59e5e17d8c usr.bin/ftp/domacro.c
--- a/usr.bin/ftp/domacro.c     Fri Feb 01 04:57:24 2002 +0000
+++ b/usr.bin/ftp/domacro.c     Fri Feb 01 05:04:43 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: domacro.c,v 1.18 2000/12/15 02:22:51 lukem Exp $       */
+/*     $NetBSD: domacro.c,v 1.19 2002/02/01 05:04:43 itojun Exp $      */
 
 /*
  * Copyright (c) 1985, 1993, 1994
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)domacro.c  8.3 (Berkeley) 4/2/94";
 #else
-__RCSID("$NetBSD: domacro.c,v 1.18 2000/12/15 02:22:51 lukem Exp $");
+__RCSID("$NetBSD: domacro.c,v 1.19 2002/02/01 05:04:43 itojun Exp $");
 #endif
 #endif /* not lint */
 
@@ -52,7 +52,7 @@
 domacro(int argc, char *argv[])
 {
        int i, j, count = 2, loopflg = 0;
-       char *cp1, *cp2, line2[200];
+       char *cp1, *cp2, line2[FTPBUFLEN];
        struct cmd *c;
 
        if ((argc == 0 && argv != NULL) ||
@@ -70,7 +70,7 @@
                code = -1;
                return;
        }
-       (void)strcpy(line2, line);
+       (void)strlcpy(line2, line, sizeof(line2));
  TOP:
        cp1 = macros[i].mac_start;
        while (cp1 != macros[i].mac_end) {
@@ -89,7 +89,8 @@
                                                j = 10*j +  *cp1 - '0';
                                        cp1--;
                                        if (argc - 2 >= j) {
-                                               (void)strcpy(cp2, argv[j+1]);
+                                               (void)strlcpy(cp2, argv[j+1],
+                                                   sizeof(line) - (cp2 - line));
                                                cp2 += strlen(argv[j+1]);
                                        }
                                        break;
@@ -98,7 +99,8 @@
                                        loopflg = 1;
                                        cp1++;
                                        if (count < argc) {
-                                               (void)strcpy(cp2, argv[count]);
+                                               (void)strlcpy(cp2, argv[count],
+                                                   sizeof(line) - (cp2 - line));
                                                cp2 += strlen(argv[count]);
                                        }
                                        break;
@@ -132,7 +134,7 @@
                        (*c->c_handler)(margc, margv);
                        if (bell && c->c_bell)
                                (void)putc('\007', ttyout);
-                       (void)strcpy(line, line2);
+                       (void)strlcpy(line, line2, sizeof(line));
                        makeargv();
                        argc = margc;
                        argv = margv;