Author: pfg Date: Tue Aug 4 03:06:23 2015 New Revision: 286269 URL: https://svnweb.freebsd.org/changeset/base/286269
Log: MFC r286102: Buffer overflow in wall(1). This affected syslogd, wall and talkd. Detected by FORTIFY_SOURCE GSoC (with clang). Submitted by: Oliver Pinter Differential Revision: https://reviews.freebsd.org/D3254 Reviewed by: delphij, jmg Modified: stable/10/usr.bin/wall/ttymsg.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.bin/wall/ttymsg.c ============================================================================== --- stable/10/usr.bin/wall/ttymsg.c Tue Aug 4 02:56:31 2015 (r286268) +++ stable/10/usr.bin/wall/ttymsg.c Tue Aug 4 03:06:23 2015 (r286269) @@ -62,7 +62,7 @@ ttymsg(struct iovec *iov, int iovcnt, co struct iovec localiov[7]; ssize_t left, wret; int cnt, fd; - static char device[MAXNAMLEN] = _PATH_DEV; + char device[MAXNAMLEN] = _PATH_DEV; static char errbuf[1024]; char *p; int forked; @@ -71,8 +71,8 @@ ttymsg(struct iovec *iov, int iovcnt, co if (iovcnt > (int)(sizeof(localiov) / sizeof(localiov[0]))) return ("too many iov's (change code in wall/ttymsg.c)"); + strlcat(device, line, sizeof(device)); p = device + sizeof(_PATH_DEV) - 1; - strlcpy(p, line, sizeof(device)); if (strncmp(p, "pts/", 4) == 0) p += 4; if (strchr(p, '/') != NULL) { _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to "[email protected]"
