diff options
Diffstat (limited to 'src/tests/hammer')
-rw-r--r-- | src/tests/hammer/ChangeLog | 9 | ||||
-rw-r--r-- | src/tests/hammer/kdc5_hammer.c | 13 |
2 files changed, 17 insertions, 5 deletions
diff --git a/src/tests/hammer/ChangeLog b/src/tests/hammer/ChangeLog index 1504de4..fcdd391 100644 --- a/src/tests/hammer/ChangeLog +++ b/src/tests/hammer/ChangeLog @@ -1,3 +1,12 @@ +2000-05-11 Nalin Dahyabhai <nalin@redhat.com> + + * kdc5_hammer.c (main): Make sure buffer 'prefix' is null-terminated. + +2000-05-08 Ken Raeburn <raeburn@mit.edu> + Nalin Dahyabhai <nalin@redhat.com> + + * kdc5_hammer.c (main): Don't overflow buffers "ctmp" or "stmp". + 1999-10-26 Tom Yu <tlyu@mit.edu> * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c index 780f92d..6429a38 100644 --- a/src/tests/hammer/kdc5_hammer.c +++ b/src/tests/hammer/kdc5_hammer.c @@ -169,7 +169,8 @@ main(argc, argv) depth = atoi(optarg); /* how deep to go */ break; case 'p': /* prefix name to check */ - strcpy(prefix, optarg); + strncpy(prefix, optarg, sizeof(prefix) - 1); + prefix[sizeof(prefix) - 1] = '\0'; break; case 'n': /* how many to check */ num_to_check = atoi(optarg); @@ -240,10 +241,11 @@ main(argc, argv) again given a prefix and count to test the db lib and kdb */ ctmp[0] = '\0'; for (i = 1; i <= depth; i++) { - ctmp2[0] = '\0'; (void) sprintf(ctmp2, "%s%s%d-DEPTH-%d", (i != 1) ? "/" : "", prefix, n, i); - strcat(ctmp, ctmp2); + ctmp2[sizeof(ctmp2) - 1] = '\0'; + strncat(ctmp, ctmp2, sizeof(ctmp) - 1 - strlen(ctmp)); + ctmp[sizeof(ctmp) - 1] = '\0'; sprintf(client, "%s@%s", ctmp, cur_realm); if (get_tgt (test_context, client, &client_princ, ccache)) { @@ -255,10 +257,11 @@ main(argc, argv) stmp[0] = '\0'; for (j = 1; j <= depth; j++) { - stmp2[0] = '\0'; (void) sprintf(stmp2, "%s%s%d-DEPTH-%d", (j != 1) ? "/" : "", prefix, n, j); - strcat(stmp, stmp2); + stmp2[sizeof (stmp2) - 1] = '\0'; + strncat(stmp, stmp2, sizeof(stmp) - 1 - strlen(stmp)); + stmp[sizeof(stmp) - 1] = '\0'; sprintf(server, "%s@%s", stmp, cur_realm); if (verify_cs_pair(test_context, client, client_princ, stmp, cur_realm, n, i, j, ccache)) |