From e2392789784483d5c142443388c1a0bf8508592b Mon Sep 17 00:00:00 2001
From: Stelian Pop <stelian@popies.net>
Date: Mon, 31 Mar 2003 10:09:37 +0000
Subject: [PATCH] Security fixes from Antonomasia.

---
 CHANGES   | 5 ++++-
 rmt/rmt.c | 6 ++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index ef2eb83..1735a9f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,4 @@
-$Id: CHANGES,v 1.223 2003/03/31 09:42:54 stelian Exp $
+$Id: CHANGES,v 1.224 2003/03/31 10:09:37 stelian Exp $
 
 Changes between versions 0.4b33 and 0.4b34 (released ?????????????????)
 =======================================================================
@@ -76,6 +76,9 @@ Changes between versions 0.4b33 and 0.4b34 (released ?????????????????)
 	Markus Oberhumer <markus@oberhumer.com> for giving special permission
 	to include his miniLZO project (GPL licensed) in dump/restore.
 
+17.	Some small buffer overruns fixes in rmt. Thanks to Antonomasia
+	<ant@notatla.demon.co.uk> for reporting the bugs.
+
 Changes between versions 0.4b32 and 0.4b33 (released February 10, 2003)
 =======================================================================
 
diff --git a/rmt/rmt.c b/rmt/rmt.c
index e977d95..3bd6207 100644
--- a/rmt/rmt.c
+++ b/rmt/rmt.c
@@ -37,7 +37,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-	"$Id: rmt.c,v 1.24 2003/03/30 15:40:40 stelian Exp $";
+	"$Id: rmt.c,v 1.25 2003/03/31 10:09:41 stelian Exp $";
 #endif /* not linux */
 
 /*
@@ -187,6 +187,8 @@ top:
 	case 'W':
 		getstring(count);
 		n = atoi(count);
+		if (n < 1)
+			exit(2);
 		DEBUG2("rmtd: W %s (block = %lu)\n", count, block);
 		record = checkbuf(record, n);
 		for (i = 0; i < n; i += cc) {
@@ -417,7 +419,7 @@ void getstring(char *bp)
 	int i;
 	char *cp = bp;
 
-	for (i = 0; i < SSIZE; i++) {
+	for (i = 0; i < SSIZE - 1; i++) {
 		if (read(0, cp+i, 1) != 1)
 			exit(0);
 		if (cp[i] == '\n')
-- 
2.39.2