diff options
| author | David Greenman <dg@FreeBSD.org> | 1997-02-19 08:04:58 +0000 |
|---|---|---|
| committer | David Greenman <dg@FreeBSD.org> | 1997-02-19 08:04:58 +0000 |
| commit | 33a20f8291bed94c46bc422034f6c737363eee1b (patch) | |
| tree | b5a939ff0ebbc93bf7b8a1d5a716a640b89c7bf8 /sbin | |
| parent | c8da9b756d8452e1deeca55b4e9796fff064cfc8 (diff) | |
| download | src-33a20f8291bed94c46bc422034f6c737363eee1b.tar.gz src-33a20f8291bed94c46bc422034f6c737363eee1b.zip | |
Protect from stack overrun via /etc/ttys, which could possibly allow a
root user to change the securelevel. Pointed out by Thomas H. Ptacek
<tqbf@enteract.com>.
Notes
Notes:
svn path=/head/; revision=22922
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/init/init.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/init/init.c b/sbin/init/init.c index bd3ab6733c87..d5695c29bb5d 100644 --- a/sbin/init/init.c +++ b/sbin/init/init.c @@ -1089,7 +1089,7 @@ start_window_system(sp) if (sp->se_type) { /* Don't use malloc after fork */ strcpy(term, "TERM="); - strcat(term, sp->se_type); + strncat(term, sp->se_type, sizeof(term) - 6); env[0] = term; env[1] = 0; } @@ -1154,7 +1154,7 @@ start_getty(sp) if (sp->se_type) { /* Don't use malloc after fork */ strcpy(term, "TERM="); - strcat(term, sp->se_type); + strncat(term, sp->se_type, sizeof(term) - 6); env[0] = term; env[1] = 0; } |