Security fixes from Antonomasia.

diff --git a/CHANGES b/CHANGES
index ef2eb83f652651e4238d1f7d99bb7f252cc6b5a4..1735a9f5aa0897111dfedbfdba88fd6308a128a3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,4 @@
-$Id: CHANGES,v 1.223 2003/03/31 09:42:54 stelian Exp $
+$Id: CHANGES,v 1.224 2003/03/31 10:09:37 stelian Exp $
 
 Changes between versions 0.4b33 and 0.4b34 (released ?????????????????)
 =======================================================================
@@ -76,6 +76,9 @@ Changes between versions 0.4b33 and 0.4b34 (released ?????????????????)
        Markus Oberhumer <markus@oberhumer.com> for giving special permission
        to include his miniLZO project (GPL licensed) in dump/restore.
 
+17.    Some small buffer overruns fixes in rmt. Thanks to Antonomasia
+       <ant@notatla.demon.co.uk> for reporting the bugs.
+
 Changes between versions 0.4b32 and 0.4b33 (released February 10, 2003)
 =======================================================================
 

diff --git a/rmt/rmt.c b/rmt/rmt.c
index e977d95ac9afad1bef7d7d726603601f1870c691..3bd6207406336874a960410a365583ecc597eed2 100644 (file)
--- a/rmt/rmt.c
+++ b/rmt/rmt.c
@@ -37,7 +37,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-       "$Id: rmt.c,v 1.24 2003/03/30 15:40:40 stelian Exp $";
+       "$Id: rmt.c,v 1.25 2003/03/31 10:09:41 stelian Exp $";
 #endif /* not linux */
 
 /*
@@ -187,6 +187,8 @@ top:
        case 'W':
                getstring(count);
                n = atoi(count);
+               if (n < 1)
+                       exit(2);
                DEBUG2("rmtd: W %s (block = %lu)\n", count, block);
                record = checkbuf(record, n);
                for (i = 0; i < n; i += cc) {
@@ -417,7 +419,7 @@ void getstring(char *bp)
        int i;
        char *cp = bp;
 
-       for (i = 0; i < SSIZE; i++) {
+       for (i = 0; i < SSIZE - 1; i++) {
                if (read(0, cp+i, 1) != 1)
                        exit(0);
                if (cp[i] == '\n')