From owner-cvs-usrsbin  Fri Jul 18 11:56:29 1997
Return-Path: <owner-cvs-usrsbin>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id LAA09975
          for cvs-usrsbin-outgoing; Fri, 18 Jul 1997 11:56:29 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA09846;
          Fri, 18 Jul 1997 11:54:13 -0700 (PDT)
From: Warner Losh <imp@FreeBSD.ORG>
Received: (from imp@localhost)
	by freefall.freebsd.org (8.8.6/8.8.5) id LAA15879;
	Fri, 18 Jul 1997 11:52:55 -0700 (PDT)
Date: Fri, 18 Jul 1997 11:52:55 -0700 (PDT)
Message-Id: <199707181852.LAA15879@freefall.freebsd.org>
To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG
Subject: cvs commit: src/usr.sbin/lpr/common_source common.c
Sender: owner-cvs-usrsbin@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

imp         1997/07/18 11:52:54 PDT

  Modified files:
    usr.sbin/lpr/common_source common.c 
  Log:
  Add code to make sure that we don't overflow the buffer that we copy
  the hostname into.  In theory the bind library should do this, but
  in practice the limites between system defines and bind defines make
  an attack using this vector possible.  These patches have been in
  use on my systems for three months now, so I am fairly confident about
  them.  I plan on commiting this to 2.2 and 2.1 in the near future,
  as well as many other patches of this nature.
  
  Revision  Changes    Path
  1.5       +4 -1      src/usr.sbin/lpr/common_source/common.c