From 2564df0eb533d19af797b8e1b7ee8a87257f1259 Mon Sep 17 00:00:00 2001 From: deraadt Date: Sat, 1 Apr 2000 17:19:09 +0000 Subject: [PATCH] buf oflow; ath@algonet.se --- bin/ed/buf.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/bin/ed/buf.c b/bin/ed/buf.c index 878c89423ff..ec9cadfb933 100644 --- a/bin/ed/buf.c +++ b/bin/ed/buf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buf.c,v 1.9 1998/07/03 06:01:17 deraadt Exp $ */ +/* $OpenBSD: buf.c,v 1.10 2000/04/01 17:19:09 deraadt Exp $ */ /* $NetBSD: buf.c,v 1.15 1995/04/23 10:07:28 cgd Exp $ */ /* buf.c: This file contains the scratch-file buffer rountines for the @@ -33,7 +33,7 @@ #if 0 static char *rcsid = "@(#)buf.c,v 1.4 1994/02/01 00:34:35 alm Exp"; #else -static char rcsid[] = "$OpenBSD: buf.c,v 1.9 1998/07/03 06:01:17 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: buf.c,v 1.10 2000/04/01 17:19:09 deraadt Exp $"; #endif #endif /* not lint */ @@ -199,7 +199,8 @@ get_addressed_line_node(n) extern int newline_added; -char sfn[15] = ""; /* scratch file name */ +#define SCRATCH_TEMPLATE "/tmp/ed.XXXXXXXXXX" +char sfn[sizeof(SCRATCH_TEMPLATE)+1] = ""; /* scratch file name */ /* open_sbuf: open scratch file */ int @@ -208,7 +209,7 @@ open_sbuf() int fd = -1; isbinary = newline_added = 0; - strcpy(sfn, "/tmp/ed.XXXXXXXXXX"); + strlcpy(sfn, SCRATCH_TEMPLATE, sizeof sfn); if ((fd = mkstemp(sfn)) == -1 || (sfp = fdopen(fd, "w+")) == NULL) { if (fd != -1) -- 2.20.1