From 526b38444a533a02d899768b07f130f95a6c279b Mon Sep 17 00:00:00 2001
From: thib
Date: Wed, 14 Feb 2001 13:51:14 +0000
Subject: [PATCH] more secure about buffer overflows
---
 conf.c | 3 ++-
 fcrontab.c | 6 +++---
 fileconf.c | 6 +++---
 job.c | 8 ++++----
 4 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/conf.c b/conf.c
index ec0d414..4d2bf85 100644
--- a/conf.c
+++ b/conf.c
@@ -22,7 +22,7 @@
 * `LICENSE' that comes with the fcron source distribution.
 */
- /* $Id: conf.c,v 1.38 2001-01-30 15:53:27 thib Exp $ */
+ /* $Id: conf.c,v 1.39 2001-02-14 13:52:50 thib Exp $ */
 #include "fcron.h"
@@ -354,6 +354,7 @@ read_str(FILE *f, char *buf, int max)
 for (i = 0; i < max; i++)
 if ( (buf[i] = fgetc(f)) == '\0')
 break;
+ buf[max-1] = '\0';
 if ( strlen(buf) == 0 )
 return NULL;
diff --git a/fcrontab.c b/fcrontab.c
index 5963a71..0ee0e73 100644
--- a/fcrontab.c
+++ b/fcrontab.c
@@ -22,7 +22,7 @@
 * `LICENSE' that comes with the fcron source distribution.
 */
- /* $Id: fcrontab.c,v 1.30 2001-02-10 12:53:29 thib Exp $ */
+ /* $Id: fcrontab.c,v 1.31 2001-02-14 13:51:14 thib Exp $ */
 /*
 * The goal of this program is simple : giving a user interface to fcron
@@ -42,7 +42,7 @@
 #include "fcrontab.h"
-char rcs_info[] = "$Id: fcrontab.c,v 1.30 2001-02-10 12:53:29 thib Exp $";
+char rcs_info[] = "$Id: fcrontab.c,v 1.31 2001-02-14 13:51:14 thib Exp $";
 void info(void);
 void usage(void);
@@ -870,7 +870,7 @@ main(int argc, char **argv)
 /* this is just the file name, not the path : complete it */
 snprintf(file,sizeof(file),"%s/%s",orig_dir,argv[file_opt]);
 else
- strncpy(file, argv[file_opt], sizeof(file));
+ strncpy(file, argv[file_opt], sizeof(file) - 1);
 if (make_file(file) == OK)
 xexit ( EXIT_OK );
diff --git a/fileconf.c b/fileconf.c
index 7dd494d..125d19d 100644
--- a/fileconf.c
+++ b/fileconf.c
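Review bot: In conf.c's read_str() hunk, the loop stores fgetc()'s result straight into `buf[i]` and stops only on '\0', so a truncated or corrupted file makes it fill the buffer with the EOF value until `max` is reached, and the added `buf[max-1] = '\0';` then hands that back as a valid string. Hold the result in an int and test it before storing, e.g. `int c = fgetc(f); if (c == EOF) return NULL; buf[i] = (char)c;`. The new terminator line also writes to `buf[-1]` if a caller ever passes a `max` of 0, and a string longer than `max-1` is cut short while its tail stays in the stream for the next read; whether callers can reach either case is not visible here. read_str's body continues outside the hunk.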
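Review bot: In fcrontab.c's main() hunk, `strncpy(file, argv[file_opt], sizeof(file) - 1);` leaves the last byte of `file` untouched rather than setting it, so the result is terminated only if `file` was zeroed beforehand; its declaration is outside the hunk. Either add `file[sizeof(file) - 1] = '\0';` after the copy or use the same snprintf() form as the branch just above. An over-long path is also truncated without notice, so make_file() would then work on a different file name than the one given on the command line; comparing `strlen(argv[file_opt])` with `sizeof(file)` and refusing the argument avoids that.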
@@ -22,7 +22,7 @@
 * `LICENSE' that comes with the fcron source distribution.
 */
- /* $Id: fileconf.c,v 1.39 2001-02-10 12:53:57 thib Exp $ */
+ /* $Id: fileconf.c,v 1.40 2001-02-14 13:51:56 thib Exp $ */
 #include "fcrontab.h"
@@ -345,8 +345,8 @@ read_env(char *ptr, CF *cf)
 Alloc(env, env_t);
- strcat(name, "=");
- env->e_val = strdup2( strcat(name, val) );
+ strncat(name, "=", sizeof(name) - strlen(name) - 1);
+ env->e_val = strdup2( strncat(name,val,sizeof(name)-strlen(name)-1) );
 env->e_next = cf->cf_env_base;
 cf->cf_env_base = env;
 }
diff --git a/job.c b/job.c
index ad3f162..3131053 100644
--- a/job.c
+++ b/job.c
@@ -22,7 +22,7 @@
 * `LICENSE' that comes with the fcron source distribution.
 */
- /* $Id: job.c,v 1.34 2001-02-10 12:56:12 thib Exp $ */
+ /* $Id: job.c,v 1.35 2001-02-14 13:53:08 thib Exp $ */
 #include "fcron.h"
@@ -50,11 +50,11 @@ change_user(char *user_name)
 {
 char buf[PATH_LEN + 5];
 strcat( strcpy(buf, "USER"), "=");
- putenv( strncat(buf, pas->pw_name, sizeof(buf)-5) );
+ putenv( strncat(buf, pas->pw_name, sizeof(buf)-6) );
 strcat( strcpy(buf, "HOME"), "=");
- putenv( strncat(buf, pas->pw_dir, sizeof(buf)-5) );
+ putenv( strncat(buf, pas->pw_dir, sizeof(buf)-6) );
 strcat( strcpy(buf, "SHELL"), "=");
- putenv( strncat(buf, pas->pw_shell, sizeof(buf)-6) );
+ putenv( strncat(buf, pas->pw_shell, sizeof(buf)-7) );
 }
 #endif /* HAVE_SETENV */
--
2.40.0
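Review bot: In fileconf.c's read_env() hunk, the two strncat() bounds stop the overflow, but an over-long assignment is now truncated without any message, so the job would run with a shortened value (for a variable such as PATH that changes which programs are found). Check the combined length before concatenating and reject the line instead, e.g. `if (strlen(name) + 1 + strlen(val) >= sizeof(name)) { /* report the line and return */ }`. The bound also assumes `name` is an array that is already NUL-terminated within its size; if `strlen(name)` could reach `sizeof(name)`, the subtraction wraps to a huge size_t and the call is unbounded again. The declarations of `name` and `val` and the code that fills them are outside the hunk.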
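Review bot: In job.c's change_user() hunk, all three putenv() calls are handed the same automatic `buf`. POSIX putenv() keeps the pointer it receives instead of copying the string, so on such implementations USER, HOME and SHELL end up aliasing one buffer that each later call overwrites and that is out of scope once the block closes, leaving the job's environment pointing at dead stack memory. The corrected strncat() bounds do not change that. Each variable needs its own storage that outlives the call; the sketch below uses static buffers and snprintf(), which also removes the hand-counted `sizeof(buf)-6` and `sizeof(buf)-7` offsets. change_user() starts and ends outside the hunk, so how the environment is used afterwards is not visible here.

```c
/* … unchanged: change_user() up to the putenv() fallback block … */
    {
        /* putenv() stores the pointer it is given, so every variable gets
         * its own buffer that stays valid after this block is left. */
        static char env_user[PATH_LEN + 5];
        static char env_home[PATH_LEN + 5];
        static char env_shell[PATH_LEN + 6];

        snprintf(env_user, sizeof(env_user), "USER=%s", pas->pw_name);
        putenv(env_user);
        snprintf(env_home, sizeof(env_home), "HOME=%s", pas->pw_dir);
        putenv(env_home);
        snprintf(env_shell, sizeof(env_shell), "SHELL=%s", pas->pw_shell);
        putenv(env_shell);
    }
```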