From 4dd80e768ff9a8b14ad132d021a115c04f345d45 Mon Sep 17 00:00:00 2001
From: Ollivier Robert
Date: Sun, 18 Jun 2000 23:10:20 +0000
Subject: [PATCH] Fix potential buffer overflows (even if ancontrol is not setuid).
Submitted by: Aaron Campbell from OpenBSD
---
 usr.sbin/ancontrol/ancontrol.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)
diff --git a/usr.sbin/ancontrol/ancontrol.c b/usr.sbin/ancontrol/ancontrol.c
index 4eac074612f..5e8460697dd 100644
--- a/usr.sbin/ancontrol/ancontrol.c
+++ b/usr.sbin/ancontrol/ancontrol.c
@@ -1,4 +1,4 @@
-/*
+/* $OpenBSD: ancontrol.c,v 1.4 2000/06/18 22:27:41 aaron Exp $ */
 * Copyright 1997, 1998, 1999
 * Bill Paul . All rights reserved.
 *
@@ -127,7 +127,7 @@ static void an_getval(iface, areq)
 bzero((char *)&ifr, sizeof(ifr));
- strcpy(ifr.ifr_name, iface);
+ strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
 ifr.ifr_data = (caddr_t)areq;
 s = socket(AF_INET, SOCK_DGRAM, 0);
@@ -152,7 +152,7 @@ static void an_setval(iface, areq)
 bzero((char *)&ifr, sizeof(ifr));
- strcpy(ifr.ifr_name, iface);
+ strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
 ifr.ifr_data = (caddr_t)areq;
 s = socket(AF_INET, SOCK_DGRAM, 0);
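Review bot: The new first line closes the comment with `*/`, but the context lines after it (` * Copyright 1997, 1998, 1999` onward) are still written as continuation lines of that comment. As shown, the licence text now sits outside any comment and the file should not compile. Either drop the trailing `*/` so the tag line opens the existing block, or put the tag in its own one-line comment above an unchanged `/*`. The rest of the licence block lies outside the hunk, so this is inferred from the four lines visible here.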
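Review bot: `strlcpy` in `an_getval`, and identically in the `an_setval` hunk that follows, silently truncates an interface name longer than `ifr.ifr_name`. The overflow is gone, but the request that presumably follows the `socket()` call would then be made against a shortened name the user never typed. Check the return value and stop instead: `if (strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)) >= sizeof(ifr.ifr_name)) errx(1, "interface name too long");`. Both functions begin and continue outside their hunks, so how `ifr` and `s` are used afterwards is not visible here.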
@@ -1035,24 +1035,21 @@ static void an_setssid(iface, act, arg)
 an_getval(iface, &areq);
 ssid = (struct an_ltv_ssidlist *)&areq;
- switch(act) {
+ switch (act) {
 case ACT_SET_SSID1:
 bzero(ssid->an_ssid1, sizeof(ssid->an_ssid1));
- bcopy((char *)arg, (char *)&ssid->an_ssid1,
- strlen((char *)arg));
- ssid->an_ssid1_len = strlen((char *)arg);
+ strlcpy(ssid->an_ssid1, (char *)arg, sizeof(ssid->an_ssid1));
+ ssid->an_ssid1_len = strlen(ssid->an_ssid1);
 break;
 case ACT_SET_SSID2:
 bzero(ssid->an_ssid2, sizeof(ssid->an_ssid2));
- bcopy((char *)arg, (char *)&ssid->an_ssid2,
- strlen((char *)arg));
- ssid->an_ssid2_len = strlen((char *)arg);
+ strlcpy(ssid->an_ssid2, (char *)arg, sizeof(ssid->an_ssid2));
+ ssid->an_ssid2_len = strlen(ssid->an_ssid2);
 break;
 case ACT_SET_SSID3:
 bzero(ssid->an_ssid3, sizeof(ssid->an_ssid3));
- bcopy((char *)arg, (char *)&ssid->an_ssid3,
- strlen((char *)arg));
- ssid->an_ssid3_len = strlen((char *)arg);
+ strlcpy(ssid->an_ssid3, (char *)arg, sizeof(ssid->an_ssid3));
+ ssid->an_ssid3_len = strlen(ssid->an_ssid3);
 break;
 default:
 errx(1, "unknown action");
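Review bot: In all three `ACT_SET_SSID*` cases an over-long SSID is now silently cut to `sizeof(ssid->an_ssidN) - 1` bytes and stored with the shortened length, so the card is configured with a network name the user did not ask for and nothing is reported. Reject the input by checking the return value, e.g. `if (strlcpy(ssid->an_ssid1, (char *)arg, sizeof(ssid->an_ssid1)) >= sizeof(ssid->an_ssid1)) errx(1, "SSID too long");`, and likewise for `an_ssid2` and `an_ssid3`. The field sizes are not visible here; if they are meant to hold a maximum-length SSID with no terminator, `strlcpy` also shortens a name that exactly fills the field, so a length check followed by a bounded copy of `strlen(arg)` bytes would be the better form. `an_setssid` starts and ends outside the hunk.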