more secure about buffer overflows

diff --git a/conf.c b/conf.c
index ec0d414545bae7717c85fc942b579f5d4b529358..4d2bf85762614d48474ae23264402ae482a57a21 100644 (file)
--- a/conf.c
+++ b/conf.c
@@ -22,7 +22,7 @@
  *  `LICENSE' that comes with the fcron source distribution.
  */
 
- /* $Id: conf.c,v 1.38 2001-01-30 15:53:27 thib Exp $ */
+ /* $Id: conf.c,v 1.39 2001-02-14 13:52:50 thib Exp $ */
 
 #include "fcron.h"
 
@@ -354,6 +354,7 @@ read_str(FILE *f, char *buf, int max)
     for (i = 0; i < max; i++)
        if ( (buf[i] = fgetc(f)) == '\0')
            break;
+    buf[max-1] = '\0';
 
     if ( strlen(buf) == 0 )
        return NULL;

diff --git a/fcrontab.c b/fcrontab.c
index 5963a712e76aca2456de6beebd85e260cb035f25..0ee0e73244f8b61e67cf7d65494d2282c158cc48 100644 (file)
--- a/fcrontab.c
+++ b/fcrontab.c
@@ -22,7 +22,7 @@
  *  `LICENSE' that comes with the fcron source distribution.
  */
 
- /* $Id: fcrontab.c,v 1.30 2001-02-10 12:53:29 thib Exp $ */
+ /* $Id: fcrontab.c,v 1.31 2001-02-14 13:51:14 thib Exp $ */
 
 /* 
  * The goal of this program is simple : giving a user interface to fcron
@@ -42,7 +42,7 @@
 
 #include "fcrontab.h"
 
-char rcs_info[] = "$Id: fcrontab.c,v 1.30 2001-02-10 12:53:29 thib Exp $";
+char rcs_info[] = "$Id: fcrontab.c,v 1.31 2001-02-14 13:51:14 thib Exp $";
 
 void info(void);
 void usage(void);
@@ -870,7 +870,7 @@ main(int argc, char **argv)
                /* this is just the file name, not the path : complete it */
                snprintf(file,sizeof(file),"%s/%s",orig_dir,argv[file_opt]);
            else
-               strncpy(file, argv[file_opt], sizeof(file));
+               strncpy(file, argv[file_opt], sizeof(file) - 1);
 
            if (make_file(file) == OK)
                xexit ( EXIT_OK );

diff --git a/fileconf.c b/fileconf.c
index 7dd494deef4862fdf66b7879c31e4abece621763..125d19ddba9d1d5d859a114e2c13a0413658ad6f 100644 (file)
--- a/fileconf.c
+++ b/fileconf.c
@@ -22,7 +22,7 @@
  *  `LICENSE' that comes with the fcron source distribution.
  */
 
- /* $Id: fileconf.c,v 1.39 2001-02-10 12:53:57 thib Exp $ */
+ /* $Id: fileconf.c,v 1.40 2001-02-14 13:51:56 thib Exp $ */
 
 #include "fcrontab.h"
 
@@ -345,8 +345,8 @@ read_env(char *ptr, CF *cf)
 
        Alloc(env, env_t);      
 
-       strcat(name, "=");
-       env->e_val = strdup2( strcat(name, val) );
+       strncat(name, "=", sizeof(name) - strlen(name) - 1);
+       env->e_val = strdup2( strncat(name,val,sizeof(name)-strlen(name)-1) );
        env->e_next = cf->cf_env_base;
        cf->cf_env_base = env;
     }

diff --git a/job.c b/job.c
index ad3f162279ccd37f1f9a4b8590bbac7987cab164..3131053772989c23afc02c7ed3d252a4ff00b342 100644 (file)
--- a/job.c
+++ b/job.c
@@ -22,7 +22,7 @@
  *  `LICENSE' that comes with the fcron source distribution.
  */
 
- /* $Id: job.c,v 1.34 2001-02-10 12:56:12 thib Exp $ */
+ /* $Id: job.c,v 1.35 2001-02-14 13:53:08 thib Exp $ */
 
 #include "fcron.h"
 
@@ -50,11 +50,11 @@ change_user(char *user_name)
     {
        char buf[PATH_LEN + 5];
        strcat( strcpy(buf, "USER"), "=");
-       putenv( strncat(buf, pas->pw_name, sizeof(buf)-5) );
+       putenv( strncat(buf, pas->pw_name, sizeof(buf)-6) );
        strcat( strcpy(buf, "HOME"), "=");
-       putenv( strncat(buf, pas->pw_dir, sizeof(buf)-5) );
+       putenv( strncat(buf, pas->pw_dir, sizeof(buf)-6) );
        strcat( strcpy(buf, "SHELL"), "=");
-       putenv( strncat(buf, pas->pw_shell, sizeof(buf)-6) );
+       putenv( strncat(buf, pas->pw_shell, sizeof(buf)-7) );
     }
 #endif /* HAVE_SETENV */