Module Name: src Committed By: apb Date: Sat Mar 29 18:23:00 UTC 2014
Modified Files: src/usr.sbin/bootp/bootpd: bootpd.c Log Message: sizeof(pointer) is not a good buffer length to pass to strlcat. Introduce a new variable, clntpathmaxlen, to hold the correct buffer length, and pass that to strlcat. The incorrect buffer length would have caused <filename>.<hostname> lookups to fail. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/usr.sbin/bootp/bootpd/bootpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/usr.sbin/bootp/bootpd/bootpd.c diff -u src/usr.sbin/bootp/bootpd/bootpd.c:1.24 src/usr.sbin/bootp/bootpd/bootpd.c:1.25 --- src/usr.sbin/bootp/bootpd/bootpd.c:1.24 Mon Aug 29 20:38:54 2011 +++ src/usr.sbin/bootp/bootpd/bootpd.c Sat Mar 29 18:23:00 2014 @@ -22,7 +22,7 @@ SOFTWARE. #include <sys/cdefs.h> #ifndef lint -__RCSID("$NetBSD: bootpd.c,v 1.24 2011/08/29 20:38:54 joerg Exp $"); +__RCSID("$NetBSD: bootpd.c,v 1.25 2014/03/29 18:23:00 apb Exp $"); #endif /* @@ -599,6 +599,7 @@ handle_request(void) int32 dest; char lrealpath[1024]; char *clntpath; + size_t clntpathmaxlen; char *homedir, *bootfile; int n; @@ -811,9 +812,11 @@ HW addr type is IEEE 802. convert to %s if (hp->flags.tftpdir) { strlcpy(lrealpath, hp->tftpdir->string, sizeof(lrealpath)); clntpath = &lrealpath[strlen(lrealpath)]; + clntpathmaxlen = sizeof(lrealpath) + lrealpath - clntpath; } else { lrealpath[0] = '\0'; clntpath = lrealpath; + clntpathmaxlen = sizeof(lrealpath) } /* @@ -883,8 +886,8 @@ HW addr type is IEEE 802. convert to %s * First try to find the file with a ".host" suffix */ n = strlen(clntpath); - strlcat(clntpath, ".", sizeof(clntpath)); - strlcat(clntpath, hp->hostname->string, sizeof(clntpath)); + strlcat(clntpath, ".", clntpathmaxlen); + strlcat(clntpath, hp->hostname->string, clntpathmaxlen); if (chk_access(lrealpath, &bootsize) < 0) { clntpath[n] = 0; /* Try it without the suffix */ if (chk_access(lrealpath, &bootsize) < 0) {