[src/trunk]: src/libexec/talkd verify strvis() buffer length is enough. make...

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d6795b998c6b
branches:  trunk
changeset: 539543:d6795b998c6b
user:      itojun <itojun%NetBSD.org@localhost>
date:      Wed Nov 20 21:01:57 2002 +0000

description:
verify strvis() buffer length is enough.  make sure string termination before
use.  remove extra ntohs() which is not needed.  from Charles Blundell

diffstat:

 libexec/talkd/announce.c |   6 ++++--
 libexec/talkd/talkd.c    |  11 ++++++-----
 2 files changed, 10 insertions(+), 7 deletions(-)

diffs (65 lines):

diff -r 7622652724e0 -r d6795b998c6b libexec/talkd/announce.c
--- a/libexec/talkd/announce.c  Wed Nov 20 19:20:24 2002 +0000
+++ b/libexec/talkd/announce.c  Wed Nov 20 21:01:57 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: announce.c,v 1.16 2002/09/25 04:57:59 itojun Exp $     */
+/*     $NetBSD: announce.c,v 1.17 2002/11/20 21:01:57 itojun Exp $     */
 
 /*
  * Copyright (c) 1983, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)announce.c 8.3 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: announce.c,v 1.16 2002/09/25 04:57:59 itojun Exp $");
+__RCSID("$NetBSD: announce.c,v 1.17 2002/11/20 21:01:57 itojun Exp $");
 #endif
 #endif /* not lint */
 
@@ -129,6 +129,8 @@
        sizes[i] = strlen(line_buf[i]);
        max_size = max(max_size, sizes[i]);
        i++;
+       if (strlen(request->l_name) + 1 > sizeof(vis_user) / 4)
+               return (FAILED);
        strvis(vis_user, request->l_name, VIS_CSTYLE);
        (void)snprintf(line_buf[i], N_CHARS,
            "talk: connection requested by %s@%s.", vis_user, remote_machine);
diff -r 7622652724e0 -r d6795b998c6b libexec/talkd/talkd.c
--- a/libexec/talkd/talkd.c     Wed Nov 20 19:20:24 2002 +0000
+++ b/libexec/talkd/talkd.c     Wed Nov 20 21:01:57 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: talkd.c,v 1.15 2002/10/08 02:50:51 itojun Exp $        */
+/*     $NetBSD: talkd.c,v 1.16 2002/11/20 21:01:57 itojun Exp $        */
 
 /*
  * Copyright (c) 1983, 1993
@@ -43,7 +43,7 @@
 #if 0
 static char sccsid[] = "@(#)talkd.c    8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: talkd.c,v 1.15 2002/10/08 02:50:51 itojun Exp $");
+__RCSID("$NetBSD: talkd.c,v 1.16 2002/11/20 21:01:57 itojun Exp $");
 #endif
 #endif /* not lint */
 
@@ -129,15 +129,16 @@
                                syslog(LOG_WARNING, "recv: %m");
                        continue;
                }
-               lastmsgtime = time(0);
-               process_request(mp, &response);
 
                mp->l_name[sizeof(mp->l_name) - 1] = '\0';
                mp->r_name[sizeof(mp->r_name) - 1] = '\0';
                mp->r_tty[sizeof(mp->r_tty) - 1] = '\0';
 
+               lastmsgtime = time(0);
+               process_request(mp, &response);
+
                (void)memcpy(&ctl_addr, &mp->ctl_addr, sizeof(ctl_addr));
-               ctl_addr.sa_family = ntohs(mp->ctl_addr.sa_family);
+               ctl_addr.sa_family = mp->ctl_addr.sa_family;
                ctl_addr.sa_len = sizeof(ctl_addr);
                if (ctl_addr.sa_family != AF_INET)
                        continue;