Fix buffer overflows noted by Gerardo Puga

-Erik
author: Eric Andersen <andersen@codepoet.org> 2002-06-06 14:36:07 +0000
committer: Eric Andersen <andersen@codepoet.org> 2002-06-06 14:36:07 +0000
commit: fe1ef2bc62883539f37e0070f62c765602232a77 (patch)
tree: db2099309260e77f0f5aaae697b8fc1c54691c8d
parent: 6fb4e4877a9d447c45b4f511e9851f2f8f7443b3 (diff)
download: busybox-w32-fe1ef2bc62883539f37e0070f62c765602232a77.tar.gz
busybox-w32-fe1ef2bc62883539f37e0070f62c765602232a77.tar.bz2
busybox-w32-fe1ef2bc62883539f37e0070f62c765602232a77.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/miscutils/makedevs.c b/miscutils/makedevs.c
index 4e50a6d71..f55995685 100644
--- a/miscutils/makedevs.c
+++ b/miscutils/makedevs.c
@@ -52,9 +52,13 @@ int makedevs_main(int argc, char **argv)
                if (type[0] != 'f')
                        dev = (major << 8) | Sminor;
-                strcpy(devname, basedev);
+                safe_strncpy(devname, basedev, sizeof(devname));
                if (sbase == 0) {
+                        int len;
+                        len = strlen(devname);
+                        if (S > 10000 || len > (sizeof(devname)-6))
+                                error_msg_and_die("%s: number too large", buf);
                        sprintf(buf, "%d", S);
                        strcat(devname, buf);
                } else {
author	Eric Andersen <andersen@codepoet.org>	2002-06-06 14:36:07 +0000
committer	Eric Andersen <andersen@codepoet.org>	2002-06-06 14:36:07 +0000
commit	fe1ef2bc62883539f37e0070f62c765602232a77 (patch)
tree	db2099309260e77f0f5aaae697b8fc1c54691c8d
parent	6fb4e4877a9d447c45b4f511e9851f2f8f7443b3 (diff)
download	busybox-w32-fe1ef2bc62883539f37e0070f62c765602232a77.tar.gz busybox-w32-fe1ef2bc62883539f37e0070f62c765602232a77.tar.bz2 busybox-w32-fe1ef2bc62883539f37e0070f62c765602232a77.zip