openbsd-ports/www/webalizer/patches/patch-webalizer_c
danh 926ea2c6c1 update to webalizer 2.01-10
* bump NEED_VERSION
* security fix: buffer overflow in DNS resolver
* includes other bugfixes
* some strcpy/strncpy/sprintf calls changed to strlcpy/snprintf
2002-04-17 16:17:45 +00:00


$OpenBSD: patch-webalizer_c,v 1.3 2002/04/17 16:17:45 danh Exp $
--- webalizer.c.orig Wed Apr 17 11:59:59 2002
+++ webalizer.c Wed Apr 17 12:05:26 2002
@@ -263,7 +263,7 @@ int main(int argc, char *argv[])
/* add default index. alias */
add_nlist("index.",&index_alias);
- sprintf(tmp_buf,"%s/webalizer.conf",ETCDIR);
+ snprintf(tmp_buf,sizeof tmp_buf,"%s/webalizer.conf",ETCDIR);
/* check for default config file */
if (!access("webalizer.conf",F_OK))
get_config("webalizer.conf");
@@ -560,7 +560,7 @@ int main(int argc, char *argv[])
}
/* got a record... */
- strcpy(tmp_buf, buffer); /* save buffer in case of error */
+ strlcpy(tmp_buf, buffer, sizeof tmp_buf); /* save buffer in case of error */
if (parse_record(buffer)) /* parse the record */
{
/*********************************************/
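Review bot: The bound `sizeof tmp_buf` on the new `strlcpy` line (and on the `snprintf` in the hunk at -263) is only the buffer size if `tmp_buf` is declared as a real array visible in this file; its declaration is outside the hunk, so this cannot be confirmed here. If it is ever a `char *` or is moved to heap storage, the same expression silently becomes the pointer size and the saved log record is cut to a few bytes. Since `buffer` holds a raw log line (request data the client controls), I would pin the assumption with a comment at the copy, e.g. `/* tmp_buf is a fixed array; sizeof gives its full capacity */`, or bound it with the named size constant used at its declaration. `main` begins and ends outside this hunk.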
@@ -750,7 +750,7 @@ int main(int argc, char *argv[])
if (!isurlchar(*cp1))
{
/* Save query portion in log.rec.srchstr */
- strncpy(log_rec.srchstr,cp1,MAXSRCH);
+ strlcpy(log_rec.srchstr,cp1,sizeof log_rec.srchstr);
*cp1++='\0';
break;
}
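Review bot: The return value of `strlcpy(log_rec.srchstr,cp1,sizeof log_rec.srchstr)` is ignored, so an over-long query string is now stored truncated with no trace; the same applies to the `strlcpy(&srch[1],cps,(sizeof srch) - 1)` line in the hunk at -1809, where a shortened `srch` is then used as the `strstr` needle and could match a different, shorter query variable. Comparing the result with the destination size would make truncation visible, e.g. `if (strlcpy(log_rec.srchstr,cp1,sizeof log_rec.srchstr) >= sizeof log_rec.srchstr) /* query truncated */ ;` with whatever handling fits the caller. Separately, `strncpy` zero-filled the rest of the field and `strlcpy` does not, so if `log_rec` is reused between records, bytes after the terminator may carry over from the previous record; that matters only if the struct is ever written out or compared as raw bytes, which is not visible here. The enclosing loop in `main` starts and ends outside the hunk.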
@@ -1007,7 +1007,7 @@ int main(int argc, char *argv[])
/* Catch blank hostnames here */
if (log_rec.hostname[0]=='\0')
- strncpy(log_rec.hostname,"Unknown",8);
+ strlcpy(log_rec.hostname,"Unknown",sizeof log_rec.hostname);
/* Ignore/Include check */
if ( (isinlist(include_sites,log_rec.hostname)==NULL) &&
@@ -1809,7 +1809,7 @@ void srch_string(char *ptr)
if ( (cps=isinglist(search_list,log_rec.refer))==NULL) return;
/* Try to find query variable */
- srch[0]='?'; strcpy(&srch[1],cps); /* First, try "?..." */
+ srch[0]='?'; strlcpy(&srch[1],cps,(sizeof srch) - 1); /* First, try "?..." */
if ((cp1=strstr(ptr,srch))==NULL)
{
srch[0]='&'; /* Next, try "&..." */