Module Name: src Committed By: martin Date: Thu Apr 30 16:24:03 UTC 2020
Modified Files: src/games/fortune/strfile [netbsd-7-1]: strfile.c src/games/fortune/unstr [netbsd-7-1]: unstr.c Log Message: Pull up following revision(s) (requested by nia in ticket #1729): games/fortune/strfile/strfile.c: revision 1.39 games/fortune/unstr/unstr.c: revision 1.15 strfile: Check that input/output filenames don't exceed the buffer size unstr: Check that the input filename fits in the buffer. To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.38.14.1 src/games/fortune/strfile/strfile.c cvs rdiff -u -r1.14 -r1.14.20.1 src/games/fortune/unstr/unstr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/games/fortune/strfile/strfile.c diff -u src/games/fortune/strfile/strfile.c:1.38 src/games/fortune/strfile/strfile.c:1.38.14.1 --- src/games/fortune/strfile/strfile.c:1.38 Thu Sep 19 00:34:00 2013 +++ src/games/fortune/strfile/strfile.c Thu Apr 30 16:24:03 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: strfile.c,v 1.38 2013/09/19 00:34:00 uwe Exp $ */ +/* $NetBSD: strfile.c,v 1.38.14.1 2020/04/30 16:24:03 martin Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -47,7 +47,7 @@ __COPYRIGHT("@(#) Copyright (c) 1989, 19 #if 0 static char sccsid[] = "@(#)strfile.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: strfile.c,v 1.38 2013/09/19 00:34:00 uwe Exp $"); +__RCSID("$NetBSD: strfile.c,v 1.38.14.1 2020/04/30 16:24:03 martin Exp $"); #endif #endif /* not lint */ #endif /* __NetBSD__ */ @@ -267,6 +267,7 @@ getargs(int argc, char **argv) int ch; extern int optind; extern char *optarg; + size_t len; while ((ch = getopt(argc, argv, "c:iorsx")) != -1) switch(ch) { @@ -300,14 +301,25 @@ getargs(int argc, char **argv) if (*argv) { Infile = *argv; - if (*++argv) - (void) strcpy(Outfile, *argv); + if (*++argv) { + len = strlen(*argv); + if (len >= sizeof(Outfile)) { + puts("Bad output filename"); + usage(); + } + (void) memcpy(Outfile, *argv, len + 1); + } } if (!Infile) { puts("No input file name"); usage(); } if (*Outfile == '\0') { + len = strlen(Infile) + sizeof(".dat"); + if (len > sizeof(Outfile)) { + puts("Bad input filename"); + usage(); + } (void) strcpy(Outfile, Infile); (void) strcat(Outfile, ".dat"); } Index: src/games/fortune/unstr/unstr.c diff -u src/games/fortune/unstr/unstr.c:1.14 src/games/fortune/unstr/unstr.c:1.14.20.1 --- src/games/fortune/unstr/unstr.c:1.14 Tue Jun 19 05:46:08 2012 +++ src/games/fortune/unstr/unstr.c Thu Apr 30 16:24:03 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: unstr.c,v 1.14 2012/06/19 05:46:08 dholland Exp $ */ +/* $NetBSD: unstr.c,v 1.14.20.1 2020/04/30 16:24:03 martin Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -42,7 +42,7 @@ __COPYRIGHT("@(#) Copyright (c) 1991, 19 #if 0 static char sccsid[] = "@(#)unstr.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: unstr.c,v 1.14 2012/06/19 05:46:08 dholland Exp $"); +__RCSID("$NetBSD: unstr.c,v 1.14.20.1 2020/04/30 16:24:03 martin Exp $"); #endif #endif /* not lint */ @@ -114,7 +114,7 @@ main(int ac __unused, char **av) void getargs(char *av[]) { - if (!*++av) { + if (!*++av || (strlen(*av) + sizeof(".dat")) > sizeof(Datafile)) { (void) fprintf(stderr, "usage: unstr datafile\n"); exit(1); }