diff options
| author | in2 <in2@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2002-12-24 16:20:15 +0800 |
|---|---|---|
| committer | in2 <in2@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2002-12-24 16:20:15 +0800 |
| commit | 596f84066e076f9a9cc134f0f0aa7d209e2c40d7 (patch) | |
| tree | 97c06429133177abd2e8387922051212e4e750ec | |
| parent | f556b681c9a1222a5c5a63c39b9be70f7ee2646d (diff) | |
| download | pttbbs-596f84066e076f9a9cc134f0f0aa7d209e2c40d7.tar pttbbs-596f84066e076f9a9cc134f0f0aa7d209e2c40d7.tar.gz pttbbs-596f84066e076f9a9cc134f0f0aa7d209e2c40d7.tar.bz2 pttbbs-596f84066e076f9a9cc134f0f0aa7d209e2c40d7.tar.lz pttbbs-596f84066e076f9a9cc134f0f0aa7d209e2c40d7.tar.xz pttbbs-596f84066e076f9a9cc134f0f0aa7d209e2c40d7.tar.zst pttbbs-596f84066e076f9a9cc134f0f0aa7d209e2c40d7.zip | |
fix buffer overflow in oldgetdata()
git-svn-id: http://opensvn.csie.org/pttbbs/pttbbs/trunk@586 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
| -rw-r--r-- | pttbbs/mbbsd/io.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/pttbbs/mbbsd/io.c b/pttbbs/mbbsd/io.c index 84683ce8..aa6e525b 100644 --- a/pttbbs/mbbsd/io.c +++ b/pttbbs/mbbsd/io.c @@ -1,4 +1,4 @@ -/* $Id: io.c,v 1.24 2002/10/01 16:02:27 in2 Exp $ */ +/* $Id: io.c,v 1.25 2002/12/24 08:20:15 in2 Exp $ */ #include "bbs.h" #if defined(linux) @@ -303,6 +303,8 @@ igetch() return 0; } +#define min(a, b) (((a) > (b)) ? (b) : (a)) + int oldgetdata(int line, int col, char *prompt, char *buf, int len, int echo) { @@ -365,7 +367,7 @@ oldgetdata(int line, int col, char *prompt, char *buf, int len, int echo) outc('\n'); oflush(); } else { - int cmdpos = -1; + int cmdpos = 0; int currchar = 0; standout(); @@ -382,17 +384,17 @@ oldgetdata(int line, int col, char *prompt, char *buf, int len, int echo) case KEY_DOWN: case Ctrl('N'): buf[clen] = '\0'; /* Ptt */ - strncpy(lastcmd[cmdpos], buf, 79); + strncpy(lastcmd[cmdpos], buf, min(clen, 79)); cmdpos += MAXLASTCMD - 2; case Ctrl('P'): case KEY_UP: if (ch == KEY_UP || ch == Ctrl('P')) { buf[clen] = '\0'; /* Ptt */ - strncpy(lastcmd[cmdpos], buf, 79); + strncpy(lastcmd[cmdpos], buf, min(clen, 79)); } cmdpos++; cmdpos %= MAXLASTCMD; - strncpy(buf, lastcmd[cmdpos], len); + strncpy(buf, lastcmd[cmdpos], min(len, 79)); buf[len] = 0; move(y, x); /* clrtoeof */ @@ -468,7 +470,8 @@ oldgetdata(int line, int col, char *prompt, char *buf, int len, int echo) if (clen > 1) for (cmdpos = MAXLASTCMD - 1; cmdpos; cmdpos--) { - strlcpy(lastcmd[cmdpos], lastcmd[cmdpos - 1], sizeof(lastcmd[cmdpos])); + strlcpy(lastcmd[cmdpos], lastcmd[cmdpos - 1], + sizeof(lastcmd[cmdpos])); strncpy(lastcmd[0], buf, len); } if (echo) |