4358464 praudit text tokens don't output standard control characters.

6510139 *praudit* dumps core on stdin fuzz testing
6512519 praudit displays arbitrary data token strings with four spaces between characters

2 files changed, 18 insertions, 13 deletions

diff --git a/usr/src/lib/libbsm/common/adrf.c b/usr/src/lib/libbsm/common/adrf.c
index 59fedd3454..dd82b0a85e 100644
--- a/usr/src/lib/libbsm/common/adrf.c
+++ b/usr/src/lib/libbsm/common/adrf.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -55,6 +54,8 @@ adrf_char(adrf_t *adrf, char *cp, int count)
 {
 	int c;	/* read character in here */
 
+	if (count < 0)
+		return (-1);
 	while (count--) {
 		if ((c = fgetc(adrf->adrf_fp)) == EOF)
 			return (-1);
@@ -72,6 +73,8 @@ adrf_short(adrf_t *adrf, short *sp, int count)
 {
 	int c;	/* read character in here */
 
+	if (count < 0)
+		return (-1);
 	while (count--) {
 		if ((c = fgetc(adrf->adrf_fp)) == EOF)
 			return (-1);
@@ -99,6 +102,8 @@ adrf_int32(adrf_t *adrf, int32_t *lp, int count)
 	int i;
 	int c;	/* read character in here */
 
+	if (count < 0)
+		return (-1);
 	for (; count--; lp++) {
 		*lp = 0;
 		for (i = 0; i < 4; i++) {
@@ -118,6 +123,8 @@ adrf_int64(adrf_t *adrf, int64_t *lp, int count)
 	int i;
 	int c;	/* read character in here */
 
+	if (count < 0)
+		return (-1);
 	for (; count--; lp++) {
 		*lp = 0;
 		for (i = 0; i < 8; i++) {
diff --git a/usr/src/lib/libbsm/common/adrm.c b/usr/src/lib/libbsm/common/adrm.c
index 9b712c2178..e86f188d4b 100644
--- a/usr/src/lib/libbsm/common/adrm.c
+++ b/usr/src/lib/libbsm/common/adrm.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -48,7 +47,7 @@ adrm_start(adr_t *adr, char *p)
 void
 adrm_char(adr_t *adr, char *cp, int count)
 {
-	while (count--)
+	while (count-- > 0)
 		*cp++ = *adr->adr_now++;
 }
 
@@ -58,8 +57,7 @@ adrm_char(adr_t *adr, char *cp, int count)
 void
 adrm_short(adr_t *adr, short *sp, int count)
 {
-
-	while (count--) {
+	while (count-- > 0) {
 		*sp = *adr->adr_now++ << 8;
 		*sp++ += ((short)*adr->adr_now++) & 0x00ff;
 	}
@@ -78,7 +76,7 @@ adrm_int32(adr_t *adr, int32_t *lp, int count)
 {
 	int i;
 
-	for (; count--; lp++) {
+	for (; count-- > 0; lp++) {
 		*lp = 0;
 		for (i = 0; i < 4; i++) {
 			*lp <<= 8;
@@ -92,7 +90,7 @@ adrm_int64(adr_t *adr, int64_t *lp, int count)
 {
 	int i;
 
-	for (; count--; lp++) {
+	for (; count-- > 0; lp++) {
 		*lp = 0;
 		for (i = 0; i < 8; i++) {
 			*lp <<= 8;