From f520b5e8947bfc46f0a9dae1a2a5d37ffb81ec6d Mon Sep 17 00:00:00 2001 From: Warner Losh Date: Tue, 9 Jun 1998 05:01:38 +0000 Subject: [PATCH] use strncpy correctly use strncat correctly check buffer size in graph_name Change paths from /tmp to /var/run for server sockets This has been building in my tree for ages, but has remained lightly tested. Reviewed by: jkh ages ago --- usr.sbin/mrouted/cfparse.y | 4 +++- usr.sbin/mrouted/config.c | 3 ++- usr.sbin/mrouted/mapper.c | 27 ++++++++++++++++++--------- usr.sbin/mrouted/mrinfo.c | 7 ++++--- usr.sbin/mrouted/mtrace.c | 8 +++++--- usr.sbin/mrouted/rsrr.h | 5 +++-- usr.sbin/mrouted/vif.c | 12 +++++++----- 7 files changed, 42 insertions(+), 24 deletions(-) diff --git a/usr.sbin/mrouted/cfparse.y b/usr.sbin/mrouted/cfparse.y index e42064ea7677..e5a1dc9b9f5f 100644 --- a/usr.sbin/mrouted/cfparse.y +++ b/usr.sbin/mrouted/cfparse.y @@ -4,7 +4,7 @@ * * Written by Bill Fenner, NRL, 1994 * - * $Id$ + * $Id: cfparse.y,v 1.7 1997/02/22 16:06:48 peter Exp $ */ #include #ifdef __STDC__ @@ -128,6 +128,7 @@ stmt : error inet_fmt($2, s1)); strncpy(ffr.ifr_name, ifr->ifr_name, IFNAMSIZ); + ffr.ifr_name[IFNAMSIZ-1]='\0'; if (ioctl(udp_socket, SIOCGIFFLAGS, (char *)&ffr)<0) fatal("ioctl SIOCGIFFLAGS on %s",ffr.ifr_name); if (ffr.ifr_flags & IFF_LOOPBACK) @@ -166,6 +167,7 @@ stmt : error v->uv_subnetmask= 0; v->uv_subnetbcast= 0; strncpy(v->uv_name, ffr.ifr_name, IFNAMSIZ); + v->uv_name[IFNAMSIZ-1]='\0'; v->uv_groups = NULL; v->uv_neighbors = NULL; v->uv_acl = NULL; diff --git a/usr.sbin/mrouted/config.c b/usr.sbin/mrouted/config.c index 1f5c0cfc8a63..61f43eba6361 100644 --- a/usr.sbin/mrouted/config.c +++ b/usr.sbin/mrouted/config.c @@ -9,7 +9,7 @@ #ifndef lint static const char rcsid[] = - "$Id$"; + "$Id: config.c,v 1.11 1998/01/16 07:17:41 charnier Exp $"; #endif /* not lint */ #include "defs.h" @@ -125,6 +125,7 @@ config_vifs_from_kernel() v->uv_subnetmask = mask; v->uv_subnetbcast = subnet | ~mask; strncpy(v->uv_name, ifr.ifr_name, IFNAMSIZ); + v->uv_name[IFNAMSIZ-1] = '\0'; v->uv_groups = NULL; v->uv_neighbors = NULL; v->uv_acl = NULL; diff --git a/usr.sbin/mrouted/mapper.c b/usr.sbin/mrouted/mapper.c index 10fffb71140e..e440bbcb9b30 100644 --- a/usr.sbin/mrouted/mapper.c +++ b/usr.sbin/mrouted/mapper.c @@ -21,7 +21,7 @@ #ifndef lint static const char rcsid[] = - "$Id$"; + "$Id: mapper.c,v 1.12 1998/01/16 07:17:43 charnier Exp $"; #endif /* not lint */ #include @@ -87,7 +87,7 @@ void ask2 __P((u_int32 dst)); int retry_requests __P((Node *node)); char * inet_name __P((u_int32 addr)); void print_map __P((Node *node)); -char * graph_name __P((u_int32 addr, char *buf)); +char * graph_name __P((u_int32 addr, char *buf, int len)); void graph_edges __P((Node *node)); void elide_aliases __P((Node *node)); void graph_map __P((void)); @@ -192,8 +192,9 @@ log(severity, syserr, format, va_alist) default: fmt[0] = '\0'; if (severity == LOG_WARNING) - strcat(fmt, "warning - "); - strncat(fmt, format, 80); + strcpy(fmt, "warning - "); + strncat(fmt, format, sizeof(fmt)-strlen(fmt)); + fmt[sizeof(fmt)-1]='\0'; vfprintf(stderr, fmt, ap); if (syserr == 0) fprintf(stderr, "\n"); @@ -703,15 +704,23 @@ void print_map(node) } -char *graph_name(addr, buf) +char *graph_name(addr, buf, len) u_int32 addr; char *buf; + int len; { char *name; - if (show_names && (name = inet_name(addr))) - strcpy(buf, name); - else + if (len < sizeof("255.255.255.255")) { + fprintf(stderr, +"Buffer too small in graph_name, provided %d bytes, but needed %d.\n", + len, sizeof("255.255.255.255")); + return NULL; + } + if (show_names && (name = inet_name(addr))) { + strncpy(buf, name, len - 1); + buf[len - 1] = '\0'; + } else inet_fmt(addr, buf); return buf; @@ -731,7 +740,7 @@ void graph_edges(node) printf(" %d {$ NP %d0 %d0 $} \"%s%s\" \n", (int) node->addr, node->addr & 0xFF, (node->addr >> 8) & 0xFF, - graph_name(node->addr, name), + graph_name(node->addr, name, sizeof(name)), node->u.interfaces ? "" : "*"); for (ifc = node->u.interfaces; ifc; ifc = ifc->next) for (nb = ifc->neighbors; nb; nb = nb->next) { diff --git a/usr.sbin/mrouted/mrinfo.c b/usr.sbin/mrouted/mrinfo.c index 5a62e8ae8643..b62249e080de 100644 --- a/usr.sbin/mrouted/mrinfo.c +++ b/usr.sbin/mrouted/mrinfo.c @@ -61,7 +61,7 @@ #ifndef lint static const char rcsid[] = - "$Id: mrinfo.c,v 1.13 1997/09/30 06:15:08 charnier Exp $"; + "$Id: mrinfo.c,v 1.14 1998/01/16 07:17:43 charnier Exp $"; /* original rcsid: "@(#) Header: mrinfo.c,v 1.6 93/04/08 15:14:16 van Exp (LBL)"; */ @@ -158,8 +158,9 @@ log(severity, syserr, format, va_alist) default: fmt[0] = '\0'; if (severity == LOG_WARNING) - strcat(fmt, "warning - "); - strncat(fmt, format, 80); + strcpy(fmt, "warning - "); + strncat(fmt, format, sizeof(fmt)-strlen(fmt)); + fmt[sizeof(fmt)-1]='\0'; vfprintf(stderr, fmt, ap); if (syserr == 0) fprintf(stderr, "\n"); diff --git a/usr.sbin/mrouted/mtrace.c b/usr.sbin/mrouted/mtrace.c index 575acd7296c3..ba2a4d44e8fd 100644 --- a/usr.sbin/mrouted/mtrace.c +++ b/usr.sbin/mrouted/mtrace.c @@ -100,7 +100,7 @@ #ifndef lint static const char rcsid[] = - "$Id: mtrace.c,v 1.12 1997/09/30 06:15:16 charnier Exp $"; + "$Id: mtrace.c,v 1.13 1998/01/16 07:17:44 charnier Exp $"; #endif #include @@ -2654,8 +2654,10 @@ log(severity, syserr, format, va_alist) case 2: if (severity > LOG_INFO ) return; default: fmt[0] = '\0'; - if (severity == LOG_WARNING) strcat(fmt, "warning - "); - strncat(fmt, format, 80); + if (severity == LOG_WARNING) + strcpy(fmt, "warning - "); + strncat(fmt, format, sizeof(fmt)-strlen(fmt)); + fmt[sizeof(fmt)-1]='\0'; vfprintf(stderr, fmt, ap); if (syserr == 0) fprintf(stderr, "\n"); diff --git a/usr.sbin/mrouted/rsrr.h b/usr.sbin/mrouted/rsrr.h index 8bc8c9176535..c88f8ce78e8e 100644 --- a/usr.sbin/mrouted/rsrr.h +++ b/usr.sbin/mrouted/rsrr.h @@ -24,9 +24,10 @@ * noted when applicable. */ -#define RSRR_SERV_PATH "/tmp/.rsrr_svr" +#define RSRR_SERV_PATH "/var/run/rsrr_svr" /* Note this needs to be 14 chars for 4.3 BSD compatibility */ -#define RSRR_CLI_PATH "/tmp/.rsrr_cli" +/* Note This appears to be unused */ +#define RSRR_CLI_PATH "/var/run/rsrr_cli" #define RSRR_MAX_LEN 2048 #define RSRR_HEADER_LEN (sizeof(struct rsrr_header)) diff --git a/usr.sbin/mrouted/vif.c b/usr.sbin/mrouted/vif.c index 681585af0d13..4ce99edf49dd 100644 --- a/usr.sbin/mrouted/vif.c +++ b/usr.sbin/mrouted/vif.c @@ -9,7 +9,7 @@ #ifndef lint static const char rcsid[] = - "$Id$"; + "$Id: vif.c,v 1.12 1998/01/16 07:17:45 charnier Exp $"; #endif /* not lint */ #include "defs.h" @@ -42,7 +42,7 @@ static void start_vif2 __P((vifi_t vifi)); static void stop_vif __P((vifi_t vifi)); static void age_old_hosts __P((void)); static void send_probe_on_vif __P((struct uvif *v)); -static int info_version __P((char *p)); +static int info_version __P((char *p, int plen)); static void DelVif __P((void *arg)); static int SetTimer __P((int vifi, struct listaddr *g)); static int DeleteTimer __P((int id)); @@ -876,7 +876,7 @@ accept_info_request(src, dst, p, datalen) len = 0; switch (*p) { case DVMRP_INFO_VERSION: - len = info_version(q); + len = info_version(q, RECV_BUF_SIZE-(q-(u_char *)send_buf)); break; case DVMRP_INFO_NEIGHBORS: @@ -901,8 +901,9 @@ accept_info_request(src, dst, p, datalen) * Information response -- return version string */ static int -info_version(p) +info_version(p, plen) char *p; + int plen; { int len; extern char versionstring[]; @@ -911,7 +912,8 @@ info_version(p) p++; /* skip over length */ *p++ = 0; /* zero out */ *p++ = 0; /* reserved fields */ - strcpy(p, versionstring); /* XXX strncpy!!! */ + strncpy(p, versionstring, plen - 4); + p[plen-5] = '\0'; len = strlen(versionstring); return ((len + 3) / 4);