-/* $OpenBSD: mt.c,v 1.38 2015/12/30 14:59:10 tedu Exp $ */
+/* $OpenBSD: mt.c,v 1.39 2018/07/09 19:38:29 deraadt Exp $ */
/* $NetBSD: mt.c,v 1.14.2.1 1996/05/27 15:12:11 mrg Exp $ */
/*
#include <string.h>
#include <unistd.h>
#include <util.h>
+#include <limits.h>
#include "mt.h"
#endif
}
+ if (strlen(tape) >= PATH_MAX)
+ err(1, "tape name too long for protocol");
+
if (eject) {
if (insert)
comp = &com[COM_RETEN];
-/* $OpenBSD: mtrmt.c,v 1.21 2013/11/21 15:54:45 deraadt Exp $ */
+/* $OpenBSD: mtrmt.c,v 1.22 2018/07/09 19:38:29 deraadt Exp $ */
/* $NetBSD: mtrmt.c,v 1.2 1996/03/06 06:22:07 scottr Exp $ */
/*-
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <limits.h>
#include "pathnames.h"
#include "mt.h"
int
rmtopen(char *tape, int mode)
{
- char buf[256];
+ char buf[1 + PATH_MAX+1 + 10+1 +1];
+ int r;
- (void)snprintf(buf, sizeof (buf), "O%s\n%d\n", tape, mode);
+ r = snprintf(buf, sizeof (buf), "O%s\n%d\n", tape, mode);
+ if (r == -1 || r >= sizeof buf)
+ errx(1, "tape name too long");
rmtstate = TS_OPEN;
return (rmtcall(tape, buf));
}
int
rmtioctl(int cmd, int count)
{
- char buf[256];
+ char buf[1 + 10+1 + 10+1 +1];
+ int r;
if (count < 0)
return (-1);
- (void)snprintf(buf, sizeof (buf), "I%d\n%d\n", cmd, count);
+ r = snprintf(buf, sizeof (buf), "I%d\n%d\n", cmd, count);
+ if (r == -1 || r >= sizeof buf)
+ errx(1, "string error during ioctl");
return (rmtcall("ioctl", buf));
}
projects / openbsd / commitdiff