From aeb0662c0c169c58c5fd2a4aac57c5c31f804fb3 Mon Sep 17 00:00:00 2001
From: Gwenio <gwenio@live.com>
Date: Thu, 7 Mar 2013 12:31:42 -0500
Subject: [PATCH] Fixed buffer overflow in usr.bin/shlock/shlock.c and made
 trivial changes in other places to better comply with
 strict aliasing.

---
 lib/libevtr/evtr.c      | 6 +++---
 lib/libfetch/ftp.c      | 6 +++---
 libexec/tftpd/tftpd.c   | 6 +++---
 usr.bin/shlock/shlock.c | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/lib/libevtr/evtr.c b/lib/libevtr/evtr.c
index bbee6ad..6a86fe5 100644
--- a/lib/libevtr/evtr.c
+++ b/lib/libevtr/evtr.c
@@ -853,7 +853,7 @@ thread_switch_callback(evtr_event_t ev, void *d)
 	static struct evtr_event tdcr;
 	static char *fmt = "new_td %p %s";
 	char tidstr[40];
-	char fmtdata[sizeof(void *) + sizeof(char *)];
+	void *fmtdata[2];
 
 	cpu = evtr_cpu(evtr, ev->cpu);
 	if (!cpu) {
@@ -884,8 +884,8 @@ thread_switch_callback(evtr_event_t ev, void *d)
 		tdcr.cpu = ev->cpu;
 		tdcr.td = NULL;
 		snprintf(tidstr, sizeof(tidstr), "%p", ktdn);
-		((void **)fmtdata)[0] = ktdn;
-		((char **)fmtdata)[1] = &tidstr[0];
+		fmtdata[0] = ktdn;
+		fmtdata[1] = tidstr;
 		thread_creation_callback(&tdcr, d);
 
 		tdn = thread_map_find(&evtr->threads, ktdn);
diff --git a/lib/libfetch/ftp.c b/lib/libfetch/ftp.c
index 0dbf53d..900c3f3 100644
--- a/lib/libfetch/ftp.c
+++ b/lib/libfetch/ftp.c
@@ -118,17 +118,17 @@ static void
 unmappedaddr(struct sockaddr_in6 *sin6)
 {
 	struct sockaddr_in *sin4;
-	u_int32_t addr;
+	void *addr;
 	int port;
 
 	if (sin6->sin6_family != AF_INET6 ||
 	    !IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
 		return;
 	sin4 = (struct sockaddr_in *)sin6;
-	addr = *(u_int32_t *)(uintptr_t)&sin6->sin6_addr.s6_addr[12];
+	addr = &sin6->sin6_addr.s6_addr[12];
 	port = sin6->sin6_port;
 	memset(sin4, 0, sizeof(struct sockaddr_in));
-	sin4->sin_addr.s_addr = addr;
+	sin4->sin_addr.s_addr = *(uint32_t *)addr;
 	sin4->sin_port = port;
 	sin4->sin_family = AF_INET;
 	sin4->sin_len = sizeof(struct sockaddr_in);
diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c
index 569e61f..b44e846 100644
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@@ -798,17 +798,17 @@ static void
 unmappedaddr(struct sockaddr_in6 *sin6)
 {
 	struct sockaddr_in *sin4;
-	u_int32_t addr;
+	void *addr;
 	int port;
 
 	if (sin6->sin6_family != AF_INET6 ||
 	    !IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
 		return;
 	sin4 = (struct sockaddr_in *)sin6;
-	addr = *(u_int32_t *)&sin6->sin6_addr.s6_addr[12];
+	addr = &sin6->sin6_addr.s6_addr[12];
 	port = sin6->sin6_port;
 	memset(sin4, 0, sizeof(struct sockaddr_in));
-	sin4->sin_addr.s_addr = addr;
+	sin4->sin_addr.s_addr = *(uint32_t *)addr;
 	sin4->sin_port = port;
 	sin4->sin_family = AF_INET;
 	sin4->sin_len = sizeof(struct sockaddr_in);
diff --git a/usr.bin/shlock/shlock.c b/usr.bin/shlock/shlock.c
index ca7c292..9f33f56 100644
--- a/usr.bin/shlock/shlock.c
+++ b/usr.bin/shlock/shlock.c
@@ -234,7 +234,7 @@ check_lock(const char *file, int uucpstyle, int debug)
 			return(1);
 		}
 
-		buf[BUFSIZE] = '\0';
+		buf[BUFSIZE - 1] = '\0';
 		errno = 0;
 		tmp_pid = strtol(buf, &endptr, 10);
 		if ((*endptr != '\0' && *endptr != '\n') || errno ||
-- 
1.8.0.msysgit.0