author | Warner Losh <imp@FreeBSD.org> | 1996-10-25 18:14:48 +0000 |
---|---|---|
committer | Warner Losh <imp@FreeBSD.org> | 1996-10-25 18:14:48 +0000 |
commit | 4f6653b93044330a0156bd43b8fc50b6b6a02ed4 (patch) | |
tree | 3394ac53df6a27692e8f33f299d8a44faeca28dd | |
parent | 430d30d837db3ba56a7c19a55fed18a78728b93f (diff) |
Fix a problem where the command line could be used to overflow a stack
buffer which could be made to lead to a root shell. This patch is
OpenBSD's solution to the problem, and will silently truncate the
output rather than overflow the buffer.
Obtained from: OpenBSD
Notes
Notes:
svn path=/head/; revision=19184
-rw-r--r-- | usr.sbin/lpr/lpr/lpr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/lpr/lpr/lpr.c b/usr.sbin/lpr/lpr/lpr.c
index 01b3b185198c..09ddc2e39194 100644
--- a/usr.sbin/lpr/lpr/lpr.c
+++ b/usr.sbin/lpr/lpr/lpr.c
@@ -45,7 +45,7 @@ static char copyright[] =
 #ifndef lint
 static char sccsid[] = "From: @(#)lpr.c 8.4 (Berkeley) 4/28/95"
- "\n$Id$\n";
+ "\n$Id: lpr.c,v 1.7 1996/05/11 19:00:55 joerg Exp $\n";
 #endif /* not lint */
 /*
@@ -471,7 +471,7 @@ card(c, p2)
 register int len = 2;
 *p1++ = c;
- while ((c = *p2++) != '\0') {
+ while ((c = *p2++) != '\0' && len <= sizeof(buf)) {
 *p1++ = (c == '\n') ? ' ' : c;
 len++;
 } |
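Review bot: The new bound `len <= sizeof(buf)` in card() looks one byte too loose. `len` starts at 2 while only one byte has been stored by `*p1++ = c;`, so the loop is still entered with `len == sizeof(buf)` and that iteration fills the last slot of `buf`, assuming `p1` starts at `buf` (its declaration is outside the hunk). If card() then appends a trailing byte and writes `len` bytes after the loop, as the initial `len = 2` suggests, that store and the write length both go one past the array; the rest of the body is not visible here, so confirm. Using `while ((c = *p2++) != '\0' && len < sizeof(buf)) {` keeps the terminator inside the buffer.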