fortune: avoid buffer overflow for lines >= 2K, make sure index has at least one entry, use nrand()/ntruerand() for uniform distribution

author: cinap_lenrek <cinap_lenrek@felloff.net> 2017-03-19 22:04:26 +0100
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2017-03-19 22:04:26 +0100
commit: c2201000053c29f35c9e9fffd6514a163790cccf (patch)
tree: 963ec77b04a021c604a23908aa0834d723383bcd /sys/src/cmd/fortune.c
parent: da9b38c75c11cc7f18415849b5bf14579ef8317c (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/src/cmd/fortune.c b/sys/src/cmd/fortune.c
index 84c59f34a..8ceb6f66b 100644
--- a/sys/src/cmd/fortune.c
+++ b/sys/src/cmd/fortune.c
@@ -35,7 +35,7 @@ main(int argc, char *argv[])
 				print("Misfortune?\n");
 				exits("misfortune");
 			}
-			if(ixbuf->length == 0){
+			if(ixbuf->length < sizeof(offs)){
 				/* someone else is rewriting the index */
 				goto NoIndex;
 			}
@@ -56,13 +56,13 @@ main(int argc, char *argv[])
 		}
 	}
 	if(oldindex){
-		seek(ix, truerand()%(ixbuf->length/sizeof(offs))*sizeof(offs), 0);
+		seek(ix, ntruerand(ixbuf->length/sizeof(offs))*sizeof(offs), 0);
 		read(ix, off, sizeof(off));
 		Bseek(f, off[0]|(off[1]<<8)|(off[2]<<16)|(off[3]<<24), 0);
 		p = Brdline(f, '\n');
 		if(p){
 			p[Blinelen(f)-1] = 0;
-			strcpy(choice, p);
+			strncpy(choice, p, sizeof(choice)-1);
 		}else
 			strcpy(choice, "Misfortune!");
 	}else{
@@ -83,8 +83,8 @@ NoIndex:
 				off[3] = offs>>24;
 				Bwrite(&g, off, sizeof(off));
 			}
-			if(lrand()%i==0)
-				strcpy(choice, p);
+			if(nrand(i)==0)
+				strncpy(choice, p, sizeof(choice)-1);
 		}
 	}
 	print("%s\n", choice);
author	cinap_lenrek <cinap_lenrek@felloff.net>	2017-03-19 22:04:26 +0100
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2017-03-19 22:04:26 +0100
commit	c2201000053c29f35c9e9fffd6514a163790cccf (patch)
tree	963ec77b04a021c604a23908aa0834d723383bcd /sys/src/cmd/fortune.c
parent	da9b38c75c11cc7f18415849b5bf14579ef8317c (diff)