diff options
author | Ted Lemon <source@isc.org> | 2000-09-29 20:01:49 +0000 |
---|---|---|
committer | Ted Lemon <source@isc.org> | 2000-09-29 20:01:49 +0000 |
commit | 0a10a8df1da686c275a552e3390933b20c6cbfc9 (patch) | |
tree | 23a26cd94447f5ea93c90d7a67ae0b4f10c99769 /omapip/errwarn.c | |
parent | 723deaee8fd2e591695a5123cddf975a3f8f8de1 (diff) | |
download | isc-dhcp-0a10a8df1da686c275a552e3390933b20c6cbfc9.tar.gz |
Bounds check the output buffer in do_percentm.
Diffstat (limited to 'omapip/errwarn.c')
-rw-r--r-- | omapip/errwarn.c | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/omapip/errwarn.c b/omapip/errwarn.c index 475e2655..6dc6dd96 100644 --- a/omapip/errwarn.c +++ b/omapip/errwarn.c @@ -42,7 +42,7 @@ #ifndef lint static char copyright[] = -"$Id: errwarn.c,v 1.8 2000/09/04 22:28:10 mellon Exp $ Copyright (c) 1996 The Internet Software Consortium. All rights reserved.\n"; +"$Id: errwarn.c,v 1.9 2000/09/29 20:01:49 mellon Exp $ Copyright (c) 1996 The Internet Software Consortium. All rights reserved.\n"; #endif /* not lint */ #include <omapip/omapip_p.h> @@ -56,8 +56,9 @@ int log_perror = 1; int log_priority; void (*log_cleanup) (void); -static char mbuf [1024]; -static char fbuf [1024]; +#define CVT_BUF_MAX 1023 +static char mbuf [CVT_BUF_MAX + 1]; +static char fbuf [CVT_BUF_MAX + 1]; /* Log an error message, then exit... */ @@ -187,13 +188,11 @@ void do_percentm (obuf, ibuf) char *p = obuf; int infmt = 0; const char *m; + int len = 0; - while (*s) - { - if (infmt) - { - if (*s == 'm') - { + while (*s) { + if (infmt) { + if (*s == 'm') { #ifndef __CYGWIN32__ m = strerror (errno); #else @@ -201,21 +200,27 @@ void do_percentm (obuf, ibuf) #endif if (!m) m = "<unknown error>"; + len += strlen (m); + if (len > CVT_BUF_MAX) + goto out; strcpy (p - 1, m); p += strlen (p); ++s; - } - else + } else { + if (++len > CVT_BUF_MAX) + goto out; *p++ = *s++; + } infmt = 0; - } - else - { + } else { if (*s == '%') infmt = 1; + if (++len > CVT_BUF_MAX) + goto out; *p++ = *s++; } } + out: *p = 0; } |