Sat Oct 5 23:30:22 2019 UTC ()
memcpy->strncpy, and avoid copying beyond the static string length
into potentially unmapped regions.


(mrg)
diff -r1.18 -r1.19 src/usr.sbin/eeprom/eehandlers.c


--- src/usr.sbin/eeprom/eehandlers.c 2013/07/02 11:59:46 1.18
+++ src/usr.sbin/eeprom/eehandlers.c 2019/10/05 23:30:22 1.19
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: eehandlers.c,v 1.18 2013/07/02 11:59:46 joerg Exp $ */ 1/* $NetBSD: eehandlers.c,v 1.19 2019/10/05 23:30:22 mrg Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 1996 The NetBSD Foundation, Inc. 4 * Copyright (c) 1996 The NetBSD Foundation, Inc.
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * This code is derived from software contributed to The NetBSD Foundation 7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Jason R. Thorpe. 8 * by Jason R. Thorpe.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions 11 * modification, are permitted provided that the following conditions
12 * are met: 12 * are met:
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
@@ -520,27 +520,27 @@ badval(const struct keytabent *ktent, ch @@ -520,27 +520,27 @@ badval(const struct keytabent *ktent, ch
520 520
521 warnx("inappropriate value `%s' for field `%s'", arg, 521 warnx("inappropriate value `%s' for field `%s'", arg,
522 ktent->kt_keyword); 522 ktent->kt_keyword);
523} 523}
524 524
525static int 525static int
526doio(const struct keytabent *ktent, u_char *buf, ssize_t len, int wr) 526doio(const struct keytabent *ktent, u_char *buf, ssize_t len, int wr)
527{ 527{
528 int fd, rval = 0; 528 int fd, rval = 0;
529 u_char *buf2; 529 u_char *buf2;
530 530
531 buf2 = (u_char *)calloc(1, len); 531 buf2 = (u_char *)calloc(1, len);
532 if (buf2 == NULL) { 532 if (buf2 == NULL) {
533 memcpy(err_str, "memory allocation failed", sizeof err_str); 533 strncpy(err_str, "memory allocation failed", sizeof err_str);
534 return (1); 534 return (1);
535 } 535 }
536 536
537 fd = open(path_eeprom, wr == IO_WRITE ? O_RDWR : O_RDONLY, 0640); 537 fd = open(path_eeprom, wr == IO_WRITE ? O_RDWR : O_RDONLY, 0640);
538 if (fd < 0) { 538 if (fd < 0) {
539 (void)snprintf(err_str, sizeof err_str, "open: %s: %s", path_eeprom, 539 (void)snprintf(err_str, sizeof err_str, "open: %s: %s", path_eeprom,
540 strerror(errno)); 540 strerror(errno));
541 free(buf2); 541 free(buf2);
542 return (1); 542 return (1);
543 } 543 }
544 544
545 if (lseek(fd, (off_t)ktent->kt_offset, SEEK_SET) < (off_t)0) { 545 if (lseek(fd, (off_t)ktent->kt_offset, SEEK_SET) < (off_t)0) {
546 (void)snprintf(err_str, sizeof err_str, "lseek: %s: %s", 546 (void)snprintf(err_str, sizeof err_str, "lseek: %s: %s",
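Review bot: The new `strncpy(err_str, "memory allocation failed", sizeof err_str);` at line 533 does not guarantee a NUL-terminated err_str: strncpy writes no terminator when the destination is not larger than the 24-character message, and err_str's declaration is outside this hunk, so its size cannot be confirmed from here. The change does fix the old memcpy, which read `sizeof err_str` bytes from a 25-byte literal. The open and lseek error paths just below already write err_str with snprintf, which always terminates, so matching them would be `(void)snprintf(err_str, sizeof err_str, "%s", "memory allocation failed");`, or `(void)strlcpy(err_str, "memory allocation failed", sizeof err_str);`. Either form also avoids zero-padding the rest of the buffer on every call. doio() starts inside this hunk but its body continues past the hunk's last line.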