From cc1f1f3b9eb68a88e337af1cc06ae412a4ea4fb6 Mon Sep 17 00:00:00 2001 From: tom <> Date: Sun, 1 May 2005 19:39:02 +0000 Subject: [PATCH] Tidy up __strtosignal(): pass a buffer and length to its itoa() and make sure we can't underrun this buffer. Also force NUL-termination of this buffer, and ensure that large unsigned integers are printed correctly. Started by a diff from Dave Hines, openbsd (at) dph (dot) fluff (dot) org; thanks. with and ok otto@ --- src/lib/libc/string/__strsignal.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/lib/libc/string/__strsignal.c b/src/lib/libc/string/__strsignal.c index ebbf08d2..09054a95 100644 --- a/src/lib/libc/string/__strsignal.c +++ b/src/lib/libc/string/__strsignal.c @@ -28,7 +28,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: __strsignal.c,v 1.9 2005/03/30 20:13:52 otto Exp $"; +static char *rcsid = "$OpenBSD: __strsignal.c,v 1.10 2005/05/01 19:39:02 tom Exp $"; #endif /* LIBC_SCCS and not lint */ #ifdef NLS @@ -45,17 +45,18 @@ static char *rcsid = "$OpenBSD: __strsignal.c,v 1.9 2005/03/30 20:13:52 otto Exp #include #include -static char *itoa(int num) +static char * +itoa(char *buffer, size_t buffer_size, unsigned int num) { - static char buffer[11]; - char *p; + char *p = buffer + buffer_size; - p = buffer + 4; - while (num >= 10) { + *--p = '\0'; + while (num >= 10 && p > buffer + 1) { *--p = (num % 10) + '0'; num /= 10; } - *p = (num % 10) + '0'; + /* num < 10 || p == buffer + 1 */ + *--p = (num % 10) + '0'; return p; } @@ -79,12 +80,15 @@ __strsignal(int num, char *buf) return((char *)sys_siglist[signum]); #endif } else { +#define MAXINTDIGS 11 + char str[MAXINTDIGS]; + #ifdef NLS strlcpy(buf, catgets(catd, 1, 0xffff, UPREFIX), NL_TEXTMAX); #else strlcpy(buf, UPREFIX, NL_TEXTMAX); #endif - strlcat(buf, itoa(signum), NL_TEXTMAX); + strlcat(buf, itoa(str, sizeof(str), signum), NL_TEXTMAX); } #ifdef NLS