svn commit: r292454 - head/bin/ed

Warner Losh imp at bsdimp.com
Fri Dec 18 22:01:42 UTC 2015 

Isn’t strlcpy() the more appropriate interface? strncpy doesn’t guarantee NUL termination.

Warner

> On Dec 18, 2015, at 2:58 PM, Pedro F. Giffuni <pfg at FreeBSD.org> wrote:
> 
> Author: pfg
> Date: Fri Dec 18 21:58:42 2015
> New Revision: 292454
> URL: https://svnweb.freebsd.org/changeset/base/292454
> 
> Log:
>  ed(1): Prevent possible string overflows
> 
>  CID:		1007252
>  MFC after:	2 weeks
> 
> Modified:
>  head/bin/ed/main.c
> 
> Modified: head/bin/ed/main.c
> ==============================================================================
> --- head/bin/ed/main.c	Fri Dec 18 21:34:28 2015	(r292453)
> +++ head/bin/ed/main.c	Fri Dec 18 21:58:42 2015	(r292454)
> @@ -505,7 +505,8 @@ exec_command(void)
> 			return ERR;
> 		else if (open_sbuf() < 0)
> 			return FATAL;
> -		if (*fnp && *fnp != '!') strcpy(old_filename, fnp);
> +		if (*fnp && *fnp != '!')
> +			 strncpy(old_filename, fnp, PATH_MAX);
> #ifdef BACKWARDS
> 		if (*fnp == '\0' && *old_filename == '\0') {
> 			errmsg = "no current filename";
> @@ -532,7 +533,8 @@ exec_command(void)
> 			return ERR;
> 		}
> 		GET_COMMAND_SUFFIX();
> -		if (*fnp) strcpy(old_filename, fnp);
> +		if (*fnp)
> +			strncpy(old_filename, fnp, PATH_MAX);
> 		printf("%s\n", strip_escapes(old_filename));
> 		break;
> 	case 'g':
> @@ -663,7 +665,7 @@ exec_command(void)
> 		GET_COMMAND_SUFFIX();
> 		if (!isglobal) clear_undo_stack();
> 		if (*old_filename == '\0' && *fnp != '!')
> -			strcpy(old_filename, fnp);
> +			strncpy(old_filename, fnp, PATH_MAX);
> #ifdef BACKWARDS
> 		if (*fnp == '\0' && *old_filename == '\0') {
> 			errmsg = "no current filename";
> @@ -797,7 +799,7 @@ exec_command(void)
> 			return ERR;
> 		GET_COMMAND_SUFFIX();
> 		if (*old_filename == '\0' && *fnp != '!')
> -			strcpy(old_filename, fnp);
> +			strncpy(old_filename, fnp, PATH_MAX);
> #ifdef BACKWARDS
> 		if (*fnp == '\0' && *old_filename == '\0') {
> 			errmsg = "no current filename";
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20151218/207356d1/attachment.sig>

More information about the svn-src-head mailing list