oflow detection in expand_prompt() was faulty (false positives).
authorTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 1 Apr 2003 14:58:55 +0000 (14:58 +0000)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 1 Apr 2003 14:58:55 +0000 (14:58 +0000)
The count was based on strlcat() return value which includes the
length of the entire string.

check.c

diff --git a/check.c b/check.c
index 4535b575fc53e7dead0c8359f662fc1302eb0d12..e2eb7b20d69b56f6e9f7f75abdc00e0a527317c9 100644 (file)
--- a/check.c
+++ b/check.c
@@ -216,32 +216,35 @@ expand_prompt(old_prompt, user, host)
 
     if (subst) {
        new_prompt = (char *) emalloc(++len);
-       *new_prompt = '\0';
-       endp = new_prompt + len - 1;
+       endp = new_prompt + len;
        for (p = old_prompt, np = new_prompt; *p; p++) {
            if (p[0] =='%') {
                switch (p[1]) {
                    case 'h':
                        p++;
-                       if ((n = strlcat(new_prompt, user_shost, len)) >= len)
+                       n = strlcpy(np, user_shost, np - endp);
+                       if (n >= np - endp)
                            goto oflow;
                        np += n;
                        continue;
                    case 'H':
                        p++;
-                       if ((n = strlcat(new_prompt, user_host, len)) >= len)
+                       n = strlcpy(np, user_host, np - endp);
+                       if (n >= np - endp)
                            goto oflow;
                        np += n;
                        continue;
                    case 'u':
                        p++;
-                       if ((n = strlcat(new_prompt, user_name, len)) >= len)
+                       n = strlcpy(np, user_name, np - endp);
+                       if (n >= np - endp)
                            goto oflow;
                        np += n;
                        continue;
                    case 'U':
                        p++;
-                       if ((n = strlcat(new_prompt, *user_runas, len)) >= len)
+                       n = strlcpy(np,  *user_runas, np - endp);
+                       if (n >= np - endp)
                            goto oflow;
                        np += n;
                        continue;
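Review bot: The size passed to strlcpy() in the `%h` case, `np - endp`, has its operands reversed: np points into the buffer and endp at its end (`endp = new_prompt + len`), so the difference is negative and, once converted to size_t, no longer limits the copy. The following `if (n >= np - endp)` compares against the same negative value, so depending on the type of n (declared outside this hunk) the overflow check either never fires or always fires. The same two lines are repeated in the `%H`, `%u` and `%U` cases. At each site I would write `n = strlcpy(np, user_shost, endp - np);` and `if (n >= (size_t)(endp - np))`, substituting the matching source string. expand_prompt() starts and ends outside this hunk, so the declarations and the `oflow` label were not checked.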
@@ -254,9 +257,9 @@ expand_prompt(old_prompt, user, host)
                        break;
                }
            }
+           *np++ = *p;
            if (np >= endp)
                goto oflow;
-           *np++ = *p;
        }
        *np = '\0';
     } else
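Review bot: The store `*np++ = *p;` now runs before the bounds check, so it is safe only if np < endp holds on entry to every iteration, and nothing in the loop states that. The invariant depends on this post-store check together with the bound applied in the substitution cases of the previous hunk, which as written (`np - endp`) does not enforce it. A comment above the store such as `/* np < endp here; the check below keeps room for the trailing NUL */` would make the dependency explicit for the next reader. The loop begins outside this hunk.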