From 68e920f1892dc6c636ff63e96fb58c4ffeade914 Mon Sep 17 00:00:00 2001
From: mjl <mjl@NetBSD.org>
Date: Fri, 21 Jul 2000 12:37:00 +0000
Subject: [PATCH] Increase buffer size to maximum allowed by spec (filename may
 be up to 128 chars long). Ignore filenames longer than this. Use syslog with
 %s as format, just in case. The above changes come from OpenBSD.

Also use #define instead of magic constants.
---
 mopd/process.c | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/mopd/process.c b/mopd/process.c
index ebaf176..73be113 100644
--- a/mopd/process.c
+++ b/mopd/process.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: process.c,v 1.7 2000/06/27 18:57:41 ragge Exp $	*/
+/*	$NetBSD: process.c,v 1.8 2000/07/21 12:37:00 mjl Exp $	*/
 
 /*
  * Copyright (c) 1993-95 Mats O Jansson.  All rights reserved.
@@ -31,7 +31,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: process.c,v 1.7 2000/06/27 18:57:41 ragge Exp $");
+__RCSID("$NetBSD: process.c,v 1.8 2000/07/21 12:37:00 mjl Exp $");
 #endif
 
 #include "os.h"
@@ -214,6 +214,8 @@ mopSendASV(dst, src, ii, trans)
 	}
 }
 
+#define MAX_ETH_PAYLOAD 1492
+
 void
 mopStartLoad(dst, src, dl_rpr, trans)
 	u_char	*dst,*src;
@@ -278,12 +280,12 @@ mopStartLoad(dst, src, dl_rpr, trans)
 	dllist[slot].a_lseek   = 0;
 
 	dllist[slot].count     = 0;
-	if (dllist[slot].dl_bsz >= 1492)
-		dllist[slot].dl_bsz = 1492;
+	if (dllist[slot].dl_bsz >= MAX_ETH_PAYLOAD || dllist[slot].dl_bsz == 0)
+		dllist[slot].dl_bsz = MAX_ETH_PAYLOAD;
 	if (dllist[slot].dl_bsz == 1030)	/* VS/uVAX 2000 needs this */
 		dllist[slot].dl_bsz = 1000;
 	if (dllist[slot].dl_bsz == 0)		/* Needed by "big" VAXen */
-		dllist[slot].dl_bsz = 1492;
+		dllist[slot].dl_bsz = MAX_ETH_PAYLOAD;
 	if (trans == TRANS_8023)
 		dllist[slot].dl_bsz = dllist[slot].dl_bsz - 8;
 
@@ -366,14 +368,14 @@ mopNextLoad(dst, src, new_count, trans)
 		sprintf(line,
 			"%x:%x:%x:%x:%x:%x Load completed",
 			dst[0],dst[1],dst[2],dst[3],dst[4],dst[5]);
-		syslog(LOG_INFO, line);
+		syslog(LOG_INFO, "%s", line);
 		return;
 	}
 
 	dllist[slot].lseek     = lseek(dllist[slot].ldfd,0L,SEEK_CUR);
 	
-	if (dllist[slot].dl_bsz >= 1492)
-		dllist[slot].dl_bsz = 1492;
+	if (dllist[slot].dl_bsz >= MAX_ETH_PAYLOAD)
+		dllist[slot].dl_bsz = MAX_ETH_PAYLOAD;
 	
 	index = 0;
 	mopPutHeader(pkt, &index, dst, src, ptype, trans);
@@ -453,7 +455,7 @@ mopProcessDL(fd, ii, pkt, index, dst, src, trans, len)
 {
 	u_char  tmpc;
 	u_short moplen;
-	u_char  pfile[17], mopcode;
+	u_char  pfile[129], mopcode;
 	char    filename[FILENAME_MAX];
 	char    line[100];
 	int     i,nfd,iindex;
@@ -502,6 +504,8 @@ mopProcessDL(fd, ii, pkt, index, dst, src, trans, len)
 		rpr_pgty = mopGetChar(pkt,index);	/* Program Type */
 		
 		tmpc = mopGetChar(pkt,index);		/* Software ID Len */
+		if (tmpc > sizeof(pfile) - 1)
+			return;
 		for (i = 0; i < tmpc; i++) {
 			pfile[i] = mopGetChar(pkt,index);
 			pfile[i+1] = '\0';
@@ -543,7 +547,7 @@ mopProcessDL(fd, ii, pkt, index, dst, src, trans, len)
 					src[0],src[1],src[2],
 					src[3],src[4],src[5],trans,pfile);
 			}
-			syslog(LOG_INFO, line);
+			syslog(LOG_INFO, "%s", line);
 		} else {
 			if ((mopCmpEAddr(dst,ii->eaddr) == 0)) {
 				dl_rpr->ldfd = open(filename, O_RDONLY, 0);
@@ -552,7 +556,7 @@ mopProcessDL(fd, ii, pkt, index, dst, src, trans, len)
 					"%x:%x:%x:%x:%x:%x Send me %s",
 					src[0],src[1],src[2],
 					src[3],src[4],src[5],pfile);
-				syslog(LOG_INFO, line);
+				syslog(LOG_INFO, "%s", line);
 			}
 		}