Hmmm, but now that you have changed message to be a pointer, the
sizeof(message) at the end of the patch will return the size of
a pointer which is 4 and probably not what you want. :-)
I think we should be carefull when we make our security fixes so
that we don't introduce new bugs, which was also the problem that
I had the other day with doscmd.
John
--
John Hay -- [EMAIL PROTECTED]
> I'd prefer something like this that I've attached. The move over the
> years has been away from artificial limits...
>
> --
> Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
> [EMAIL PROTECTED] `------------------------------'
>
>
> Index: banner.c
> ===================================================================
> RCS file: /usr2/ncvs/src/usr.bin/banner/banner.c,v
> retrieving revision 1.6
> diff -u -r1.6 banner.c
> --- banner.c 1999/04/19 04:05:25 1.6
> +++ banner.c 1999/11/24 05:41:35
> @@ -1018,7 +1018,7 @@
> };
>
> char line[DWIDTH];
> -char message[MAXMSG];
> +char *message;
> char print[DWIDTH];
> int debug, i, j, linen, max, nchars, pc, term, trace, x, y;
> int width = DWIDTH; /* -w option: scrunch letters to 80 columns */
> @@ -1058,14 +1058,24 @@
>
> /* Have now read in the data. Next get the message to be printed. */
> if (*argv) {
> - strcpy(message, *argv);
> + message = strdup(*argv);
> + if (message == NULL)
> + err(1, "strdup");
> while (*++argv) {
> - strcat(message, " ");
> - strcat(message, *argv);
> + char *omessage;
> +
> + omessage = message;
> + asprintf(&message, "%s %s", message, *argv);
> + if (message == NULL)
> + err(1, "asprintf");
> + free(omessage);
> }
> nchars = strlen(message);
> } else {
> fprintf(stderr,"Message: ");
> + message = malloc(MAXMSG);
> + if (message == NULL)
> + err(1, "malloc");
> (void)fgets(message, sizeof(message), stdin);
> nchars = strlen(message);
> message[nchars--] = '\0'; /* get rid of newline */
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
