FreeBSD Bugzilla – Attachment 215637 Details for
Bug 246050
Buffer overflows in fortune's strfile, unstr and randstr
[patch]
proposed patch for fortune and strfile
PR246050.diff (text/plain), 1.60 KB, created by
Akos Somfai
on 2020-06-16 20:41:33 UTC
Description:
proposed patch for fortune and strfile
Creator:
Akos Somfai
Created:
2020-06-16 20:41:33 UTC
Size:
1.60 KB
>Index: usr.bin/fortune/fortune/fortune.c
>===================================================================
>--- usr.bin/fortune/fortune/fortune.c (revision 362175)
>+++ usr.bin/fortune/fortune/fortune.c (working copy)
>@@ -400,11 +400,12 @@
> sp = files[i];
> else {
> percent = 0;
>- for (sp = files[i]; isdigit((unsigned char)*sp); sp++)
>+ for (sp = files[i]; isdigit((unsigned char)*sp); sp++) {
> percent = percent * 10 + *sp - '0';
>- if (percent > 100) {
>- fprintf(stderr, "percentages must be <= 100\n");
>- return (FALSE);
>+ if (percent > 100) {
>+ fprintf(stderr, "percentages must be <= 100\n");
>+ return (FALSE);
>+ }
> }
> if (*sp == '.') {
> fprintf(stderr, "percentages must be integers\n");
>Index: usr.bin/fortune/strfile/strfile.c
>===================================================================
>--- usr.bin/fortune/strfile/strfile.c (revision 362175)
>+++ usr.bin/fortune/strfile/strfile.c (working copy)
>@@ -295,8 +295,12 @@
>
> if (*argv) {
> Infile = *argv;
>- if (*++argv)
>- strcpy(Outfile, *argv);
>+ if (*++argv) {
>+ if (strlcpy(Outfile, *argv, sizeof(Outfile)) >= sizeof(Outfile)) {
>+ fprintf(stderr, "output_file path is not valid\n");
>+ exit(EXIT_FAILURE);
>+ }
>+ }
> }
> if (!Infile) {
> puts("No input file name");
>@@ -303,8 +307,10 @@
> usage();
> }
> if (*Outfile == '\0') {
>- strlcpy(Outfile, Infile, sizeof(Outfile));
>- strlcat(Outfile, ".dat", sizeof(Outfile));
>+ if ((size_t)snprintf(Outfile, sizeof(Outfile), "%s.dat", Infile) >= sizeof(Outfile)) {
>+ fprintf(stderr, "generated output_file path is not valid\n");
>+ exit(EXIT_FAILURE);
>+ }
> }
> }
>
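Review bot: The new diagnostic `output_file path is not valid` in the first strfile.c hunk does not say that the path was rejected for its length, nor which path it was; the same applies to `generated output_file path is not valid` in the following hunk. Something like `errx(1, "output file name too long: %s", *argv);` would state both, assuming `<err.h>` is already included in strfile.c (the include block is not visible here). The `strlcpy(...) >= sizeof(Outfile)` line also runs well past 80 columns and would read better with the condition wrapped. The bug title names unstr and randstr as well, and this attachment touches neither, so the same unchecked copy may still be present there. The enclosing function starts outside the hunk.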
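Review bot: The `(size_t)` cast on the `snprintf` return in the last strfile.c hunk hides the error case, because a negative return is rejected only by wrapping to a very large unsigned value. Keeping the result in an `int` makes both conditions explicit: `int n = snprintf(Outfile, sizeof(Outfile), "%s.dat", Infile);` followed by `if (n < 0 || (size_t)n >= sizeof(Outfile)) {`. The replaced strlcpy/strlcat pair truncated silently, so a short comment noting that a too-long generated name is now fatal rather than truncated would help the next reader. The enclosing function starts outside the hunk.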