From: itojun Date: Wed, 19 Jan 2000 05:34:17 +0000 (+0000) Subject: need strl{cat,cpy} badly for buffer overflow X-Git-Tag: tcpdump-3.5.1~389 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/63ac2af9fd4e7cfd86102224e243414477f5e0de need strl{cat,cpy} badly for buffer overflow --- diff --git a/Makefile.in b/Makefile.in index b0ebb32a..781e4cad 100644 --- a/Makefile.in +++ b/Makefile.in @@ -17,7 +17,7 @@ # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. # -# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.226 2000-01-17 20:49:39 fenner Exp $ (LBL) +# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.227 2000-01-19 05:34:18 itojun Exp $ (LBL) # # Various configurable paths (remember to edit Makefile.in, not Makefile) @@ -127,6 +127,10 @@ inet_aton.o: $(srcdir)/missing/inet_aton.c $(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/inet_aton.c snprintf.o: $(srcdir)/missing/snprintf.c $(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/snprintf.c +strlcat.o: $(srcdir)/missing/strlcat.c + $(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/strlcat.c +strlcpy.o: $(srcdir)/missing/strlcpy.c + $(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/strlcpy.c version.o: version.c $(CC) $(CFLAGS) -c version.c diff --git a/configure.in b/configure.in index 9490e1c0..beae6221 100644 --- a/configure.in +++ b/configure.in @@ -1,4 +1,4 @@ -dnl @(#) $Header: /tcpdump/master/tcpdump/configure.in,v 1.104 2000-01-19 04:51:10 itojun Exp $ (LBL) +dnl @(#) $Header: /tcpdump/master/tcpdump/configure.in,v 1.105 2000-01-19 05:34:17 itojun Exp $ (LBL) dnl dnl Copyright (c) 1994, 1995, 1996, 1997 dnl The Regents of the University of California. All rights reserved. @@ -6,7 +6,7 @@ dnl dnl Process this file with autoconf to produce a configure script. dnl -AC_REVISION($Revision: 1.104 $) +AC_REVISION($Revision: 1.105 $) AC_PREREQ(2.13) AC_INIT(tcpdump.c) 
@@ -416,7 +416,7 @@ if test "$missing_includes" = "yes"; then fi -AC_REPLACE_FUNCS(vfprintf strcasecmp) +AC_REPLACE_FUNCS(vfprintf strcasecmp strlcat strlcpy) AC_CHECK_FUNCS(ether_ntohost setlinebuf gethostbyname2) needsnprintf=no diff --git a/interface.h b/interface.h index 928e17e8..d01e5c1b 100644 --- a/interface.h +++ b/interface.h @@ -18,7 +18,7 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.120 2000-01-15 07:42:32 itojun Exp $ (LBL) + * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.121 2000-01-19 05:34:18 itojun Exp $ (LBL) */ #ifndef tcpdump_interface_h @@ -65,6 +65,13 @@ int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap) __attribute__((format (printf, 3, 0))); #endif +#ifndef HAVE_STRLCAT +extern size_t strlcat __P((char *, const char *, size_t)); +#endif +#ifndef HAVE_STRLCPY +extern size_t strlcpy __P((char *, const char *, size_t)); +#endif + struct tok { int v; /* value */ char *s; /* string */ diff --git a/missing/strlcat.c b/missing/strlcat.c new file mode 100644 index 00000000..f9be92c1 --- /dev/null +++ b/missing/strlcat.c 
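Review bot: The two new prototypes in interface.h are wrapped in `__P((...))`, while the neighbouring `vasnprintf` declaration in the same hunk uses a plain ANSI prototype, and nothing visible in this commit defines `__P`. That macro normally comes from BSD's <sys/cdefs.h>, and the platforms that need these replacement functions are likely the ones without it. If so, the header may fail to compile exactly where the fallback is used. Plain prototypes would be safer: `extern size_t strlcat(char *, const char *, size_t);` and `extern size_t strlcpy(char *, const char *, size_t);`.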
@@ -0,0 +1,78 @@
+/* $NetBSD: strlcat.c,v 1.5 1999/09/20 04:39:47 lukem Exp $ */
+/* from OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp */
+
+/*
+ * Copyright (c) 1998 Todd C. Miller
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char rcsid[] =
+ "@(#) $Header: /tcpdump/master/tcpdump/missing/strlcat.c,v 1.1 2000-01-19 05:34:19 itojun Exp $ (LBL)";
+#endif
+
+#include
+
+#include
+#include
+
+#include "interface.h"
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left). At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t
+strlcat(dst, src, siz)
+ char *dst;
+ const char *src;
+ size_t siz;
+{
+ register char *d = dst;
+ register const char *s = src;
+ register size_t n = siz;
+ size_t dlen;
+
+ /* Find the end of dst and adjust bytes left but don't go past end */
+ while (*d != '\0' && n-- != 0)
+ d++;
+ dlen = d - dst;
+ n = siz - dlen;
+
+ if (n == 0)
+ return(dlen + strlen(s));
+ while (*s != '\0') {
+ if (n != 1) {
+ *d++ = *s;
+ n--;
+ }
+ s++;
+ }
+ *d = '\0';
+
+ return(dlen + (s - src)); /* count does not include NUL */
+}
diff --git a/missing/strlcpy.c b/missing/strlcpy.c
new file mode 100644
index 00000000..76f58bbf
--- /dev/null
+++ b/missing/strlcpy.c
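Review bot: In strlcat() the scan for the end of dst tests `*d != '\0'` before `n-- != 0`, so when dst holds no NUL within its first siz bytes (or siz is 0) the loop reads dst[siz], one byte past the buffer, before it stops. Testing the count first avoids the over-read: `while (n-- != 0 && *d != '\0')`. The extra decrement is harmless because n is recomputed from dlen on the following lines. The header comment also understates the return value: the code returns `dlen + strlen(src)`, the length it tried to create, not `strlen(src)`. That total is the figure a caller has to compare with siz to detect truncation.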
@@ -0,0 +1,75 @@
+/* $NetBSD: strlcpy.c,v 1.5 1999/09/20 04:39:47 lukem Exp $ */
+/* from OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp */
+
+/*
+ * Copyright (c) 1998 Todd C. Miller
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char rcsid[] =
+ "@(#) $Header: /tcpdump/master/tcpdump/missing/strlcpy.c,v 1.1 2000-01-19 05:34:19 itojun Exp $ (LBL)";
+#endif
+
+#include
+
+#include
+#include
+
+#include "interface.h"
+
+/*
+ * Copy src to string dst of size siz. At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t
+strlcpy(dst, src, siz)
+ char *dst;
+ const char *src;
+ size_t siz;
+{
+ register char *d = dst;
+ register const char *s = src;
+ register size_t n = siz;
+
+ /* Copy as many bytes as will fit */
+ if (n != 0 && --n != 0) {
+ do {
+ if ((*d++ = *s++) == 0)
+ break;
+ } while (--n != 0);
+ }
+
+ /* Not enough room in dst, add NUL and traverse rest of src */
+ if (n == 0) {
+ if (siz != 0)
+ *d = '\0'; /* NUL-terminate dst */
+ while (*s++)
+ ;
+ }
+
+ return(s - src - 1); /* count does not include NUL */
+}
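Review bot: The header comment on strlcpy() does not say that src must be NUL-terminated, yet the truncation path `while (*s++) ;` walks src to its terminator regardless of siz. The write is bounded by siz but the read is not. If a caller passes bytes taken from a capture buffer (no callers are visible in this commit), an unterminated source is read past its end. I would add to the comment: `src must be a NUL-terminated string; all of src is read to compute the return value, even when the copy is truncated.` The same applies to the `strlen(s)` and `while (*s != '\0')` paths in missing/strlcat.c.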