From ed84022b2aae79a034a70c07e57e3868d9e80ad8 Mon Sep 17 00:00:00 2001
From: tholo <tholo@openbsd.org>
Date: Tue, 3 Sep 1996 05:11:11 +0000
Subject: [PATCH] Protect against buffer overflow

---
 lib/libterm/termcap.c    |  6 ++++--
 lib/libtermlib/getterm.c | 12 +++++++-----
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/lib/libterm/termcap.c b/lib/libterm/termcap.c
index 2eb5d31cdd9..8e11888836b 100644
--- a/lib/libterm/termcap.c
+++ b/lib/libterm/termcap.c
@@ -106,8 +106,9 @@ tgetent(bp, name)
 		else {
 			if ((home = getenv("HOME")) != NULL) {
 				/* set up default */
-				p += strlen(home);	/* path, looking in */
-				strcpy(pathbuf, home);	/* $HOME first */
+				strncpy(pathbuf, home, PBUFSIZ - strlen(_PATH_DEF) - 1);	/* $HOME first */
+				pathbuf[PBUFSIZ - strlen(_PATH_DEF) - 1] = '\0';
+				p += strlen(pathbuf);	/* path, looking in */
 				*p++ = '/';
 			}	/* if no $HOME look in current directory */
 			strncpy(p, _PATH_DEF, PBUFSIZ - (p - pathbuf));
@@ -115,6 +116,7 @@ tgetent(bp, name)
 	}
 	else				/* user-defined name in TERMCAP */
 		strncpy(pathbuf, cp, PBUFSIZ);	/* still can be tokenized */
+	pathbuf[PBUFSIZ] = '\0';
 
 	*fname++ = pathbuf;	/* tokenize path into vector of names */
 	while (*++p)
diff --git a/lib/libtermlib/getterm.c b/lib/libtermlib/getterm.c
index e8ebbfd3b95..80e85042c0c 100644
--- a/lib/libtermlib/getterm.c
+++ b/lib/libtermlib/getterm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getterm.c,v 1.9 1996/08/31 01:58:50 tholo Exp $	*/
+/*	$OpenBSD: getterm.c,v 1.10 1996/09/03 05:11:11 tholo Exp $	*/
 
 /*
  * Copyright (c) 1996 SigmaSoft, Th. Lockert <tholo@sigmasoft.com>
@@ -31,7 +31,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$OpenBSD: getterm.c,v 1.9 1996/08/31 01:58:50 tholo Exp $";
+static char rcsid[] = "$OpenBSD: getterm.c,v 1.10 1996/09/03 05:11:11 tholo Exp $";
 #endif
 
 #include <stdlib.h>
@@ -102,8 +102,9 @@ _ti_gettermcap(name)
 	else {
 	    if ((home = getenv("HOME")) != NULL) {
 		/* set up default */
-		p += strlen(home);	/* path, looking in */
-		strcpy(pathbuf, home);	/* $HOME first */
+		strncpy(pathbuf, home, MAXPATHLEN - strlen(_PATH_CAPDEF) - 1);	/* $HOME first */
+		pathbuf[MAXPATHLEN - strlen(_PATH_CAPDEF) - 1] = '\0';
+		p += strlen(pathbuf);	/* path, looking in */
 		*p++ = '/';
 	    }	/* if no $HOME look in current directory */
 	    strncpy(p, _PATH_CAPDEF, MAXPATHLEN - (p - pathbuf));
@@ -248,7 +249,8 @@ _ti_getterminfo(name)
 	if ((home = getenv("HOME")) != NULL) {
 	    /* set up default */
 	    p += strlen(home);	/* path, looking in */
-	    strcpy(pathbuf, home);	/* $HOME first */
+		strncpy(pathbuf, home, MAXPATHLEN - strlen(_PATH_INFODEF) - 1);	/* $HOME first */
+		pathbuf[MAXPATHLEN - strlen(_PATH_INFODEF) - 1] = '\0';
 	    *p++ = '/';
 	}	/* if no $HOME look in current directory */
 	strncpy(p, _PATH_INFODEF, MAXPATHLEN - (p - pathbuf));
-- 
2.20.1