shithub: riscv

Download patch

ref: c2201000053c29f35c9e9fffd6514a163790cccf
parent: da9b38c75c11cc7f18415849b5bf14579ef8317c
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Mar 19 18:04:26 EDT 2017

fortune: avoid buffer overflow for lines >= 2K, make sure index has at least one entry, use nrand()/ntruerand() for uniform distribution

--- a/sys/src/cmd/fortune.c
+++ b/sys/src/cmd/fortune.c
@@ -35,7 +35,7 @@
 				print("Misfortune?\n");
 				exits("misfortune");
 			}
-			if(ixbuf->length == 0){
+			if(ixbuf->length < sizeof(offs)){
 				/* someone else is rewriting the index */
 				goto NoIndex;
 			}
@@ -56,13 +56,13 @@
 		}
 	}
 	if(oldindex){
-		seek(ix, truerand()%(ixbuf->length/sizeof(offs))*sizeof(offs), 0);
+		seek(ix, ntruerand(ixbuf->length/sizeof(offs))*sizeof(offs), 0);
 		read(ix, off, sizeof(off));
 		Bseek(f, off[0]|(off[1]<<8)|(off[2]<<16)|(off[3]<<24), 0);
 		p = Brdline(f, '\n');
 		if(p){
 			p[Blinelen(f)-1] = 0;
-			strcpy(choice, p);
+			strncpy(choice, p, sizeof(choice)-1);
 		}else
 			strcpy(choice, "Misfortune!");
 	}else{
@@ -83,8 +83,8 @@
 				off[3] = offs>>24;
 				Bwrite(&g, off, sizeof(off));
 			}
-			if(lrand()%i==0)
-				strcpy(choice, p);
+			if(nrand(i)==0)
+				strncpy(choice, p, sizeof(choice)-1);
 		}
 	}
 	print("%s\n", choice);