Fix some possible buffer overflows in ipppd
parent
fe14dca76c
commit
a822ef0ec6
|
@ -38,7 +38,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char auth_rcsid[] = "$Id: auth.c,v 1.19 2002/03/11 15:53:21 paul Exp $";
|
||||
char auth_rcsid[] = "$Id: auth.c,v 1.20 2002/07/06 00:12:26 keil Exp $";
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stddef.h>
|
||||
|
@ -664,7 +664,7 @@ int check_passwd(int linkunit,char *auser,int userlen,char *apasswd,
|
|||
|
||||
syslog(LOG_INFO,"Check_passwd called with user=%s\n",user);
|
||||
|
||||
strcpy(lns[linkunit].peer_authname,user);
|
||||
snprintf(lns[linkunit].peer_authname,sizeof(lns[0].peer_authname), "%s", user);
|
||||
|
||||
/*
|
||||
* Open the file of upap secrets and scan for a suitable secret
|
||||
|
@ -758,7 +758,7 @@ int radius_check_passwd(linkunit,auser,userlen,apasswd,passwdlen,msg,msglen)
|
|||
passwd[passwdlen] = '\0';
|
||||
BCOPY(auser, user, userlen);
|
||||
user[userlen] = '\0';
|
||||
strcpy(lns[linkunit].peer_authname,user);
|
||||
snprintf(lns[linkunit].peer_authname,sizeof(lns[0].peer_authname), "%s", user);
|
||||
|
||||
ret = UPAP_AUTHACK;
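Review bot: In the radius_check_passwd hunk, `BCOPY(auser, user, userlen)` and `passwd[passwdlen] = '\0'` still write at caller-supplied lengths just before the copy that is now bounded, and no length check is visible in the hunk. The declarations of `user` and `passwd` and the types of the length parameters lie outside the hunk, so this may already be bounded elsewhere. If they are fixed-size arrays, a guard before the BCOPY such as `if (userlen < 0 || userlen >= (int)sizeof(user)) return UPAP_AUTHNAK;` (and the same for `passwdlen`) would close the same class of overflow. Separately, the new `snprintf` into `peer_authname` truncates silently here and in the check_passwd hunk; checking its return value and logging a truncation would show when the stored name no longer matches what the peer sent.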
|
||||
|
||||
|
|
15
ipppd/main.c
15
ipppd/main.c
|
@ -25,7 +25,7 @@
|
|||
* PATCHLEVEL 9
|
||||
*/
|
||||
|
||||
char main_rcsid[] = "$Id: main.c,v 1.21 2002/07/06 00:11:18 keil Exp $";
|
||||
char main_rcsid[] = "$Id: main.c,v 1.22 2002/07/06 00:12:26 keil Exp $";
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
@ -253,16 +253,16 @@ int main(int argc,char **argv)
|
|||
die(1);
|
||||
}
|
||||
else {
|
||||
char devstr[1024];
|
||||
char devstr[128], devstr2[1024];
|
||||
sprintf(devstr,"Found %d device%s: ",numdev, numdev==1?"":"s");
|
||||
for(i=0;i<numdev;i++)
|
||||
{
|
||||
/* strcat(devstr,lns[i].devnam); */
|
||||
strcat(devstr,lns[i].ifname);
|
||||
/* strcat(devstr,lns[i].ifname); */
|
||||
snprintf(devstr2, sizeof(devstr2)-3, "%s%s", devstr, lns[i].ifname);
|
||||
if (i < numdev - 1)
|
||||
strcat(devstr,", ");
|
||||
strcat(devstr2,", ");
|
||||
}
|
||||
syslog(LOG_NOTICE,devstr);
|
||||
syslog(LOG_NOTICE,"%s", devstr2);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -305,7 +305,7 @@ int main(int argc,char **argv)
|
|||
p++;
|
||||
else
|
||||
p = lns[0].devnam;
|
||||
sprintf(pidfilename, "%s%s.%s.pid", _PATH_VARRUN, "ipppd", p);
|
||||
snprintf(pidfilename, sizeof(pidfilename), "%s%s.%s.pid", _PATH_VARRUN, "ipppd", p);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -929,6 +929,7 @@ int run_program(char *prog,char **args,int must_exist,int unit)
|
|||
setsid();
|
||||
umask (S_IRWXG|S_IRWXO);
|
||||
chdir ("/");
|
||||
/* AUD: full root privs? */
|
||||
setuid(geteuid());
|
||||
setgid(getegid());
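Review bot: In the device-list hunk of main(), the new `snprintf(devstr2, sizeof(devstr2)-3, "%s%s", devstr, lns[i].ifname)` rebuilds devstr2 from the unchanged prefix in devstr on every iteration, so with more than one device only the last interface name reaches syslog and each `strcat(devstr2,", ")` is overwritten by the next pass. devstr2 is also passed to syslog uninitialised if the loop body never runs; whether numdev can be 0 in this branch depends on a condition outside the hunk. Appending at a tracked offset into a single buffer keeps both the bound and the full list, as sketched below. In the same file, the run_program hunk leaves the return values of `setuid(geteuid())` and `setgid(getegid())` unchecked, which the added `AUD` comment hints at but does not resolve.

```c
char devstr[1024] = "";
size_t used;
int n;

n = snprintf(devstr, sizeof(devstr), "Found %d device%s: ", numdev, numdev==1?"":"s");
used = (n < 0) ? 0 : (size_t)n;
for(i=0;i<numdev;i++)
{
	/* append at the current end of the string; stop once the buffer is full */
	n = snprintf(devstr + used, sizeof(devstr) - used, "%s%s",
		     lns[i].ifname, (i < numdev - 1) ? ", " : "");
	if (n < 0 || (size_t)n >= sizeof(devstr) - used)
		break;	/* truncated: log what fits */
	used += (size_t)n;
}
syslog(LOG_NOTICE,"%s", devstr);
```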
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char options_rcsid[] = "$Id: options.c,v 1.20 2000/12/07 12:46:49 paul Exp $";
|
||||
char options_rcsid[] = "$Id: options.c,v 1.21 2002/07/06 00:12:26 keil Exp $";
|
||||
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
|
@ -1558,7 +1558,7 @@ static int setdevname(char *cp,int nd)
|
|||
if (stat(cp, &statbuf) < 0) {
|
||||
if (errno == ENOENT)
|
||||
return 0;
|
||||
syslog(LOG_ERR, cp);
|
||||
syslog(LOG_ERR, "%s", cp);
|
||||
return -1;
|
||||
}
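Review bot: In setdevname(), the corrected `syslog(LOG_ERR, "%s", cp)` records only the path and not the reason stat() failed, so the log entry does not say what went wrong with the device name. Since syslog() expands `%m` to the errno text, `syslog(LOG_ERR, "Couldn't stat %s: %m", cp);` would keep the constant format string and add the cause. setdevname's body continues outside the hunk.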
|
||||
|
||||
|
|