Date: Tue, 30 Jan 2001 23:01:21 -0500 (EST) From: Mike Heffner <mheffner@vt.edu> To: FreeBSD-audit <FreeBSD-audit@freebsd.org> Subject: patch for libc/net/hesiod.c Message-ID: <XFMail.20010130230121.mheffner@vt.edu>
next in thread | raw e-mail | index | archive | help
This patch fixes some string overflow issues in the hesiod(3) functions in libc.
Reviews?
Index: hesiod.c
===================================================================
RCS file: /home/ncvs/src/lib/libc/net/hesiod.c,v
retrieving revision 1.3
diff -u -r1.3 hesiod.c
--- hesiod.c 2000/09/30 17:29:54 1.3
+++ hesiod.c 2001/01/31 03:13:37
@@ -162,7 +162,7 @@
const char *rhs;
int len;
- strcpy(bindname, name);
+ strlcpy(bindname, name, sizeof(bindname));
/*
* Find the right right hand side to use, possibly
@@ -197,17 +197,17 @@
return NULL;
}
/* Put together the rest of the domain. */
- strcat(bindname, ".");
- strcat(bindname, type);
+ strlcat(bindname, ".", sizeof(bindname));
+ strlcat(bindname, type, sizeof(bindname));
/* Only append lhs if it isn't empty. */
if (ctx->lhs && ctx->lhs[0] != '\0' ) {
if (ctx->lhs[0] != '.')
- strcat(bindname, ".");
- strcat(bindname, ctx->lhs);
+ strlcat(bindname, ".", sizeof(bindname));
+ strlcat(bindname, ctx->lhs, sizeof(bindname));
}
if (rhs[0] != '.')
- strcat(bindname, ".");
- strcat(bindname, rhs);
+ strlcat(bindname, ".", sizeof(bindname));
+ strlcat(bindname, rhs, sizeof(bindname));
/* rhs_list is no longer needed, since we're done with rhs. */
if (rhs_list)
--
Mike Heffner <mheffner@vt.edu>
Blacksburg, VA ICQ# 882073
http://filebox.vt.edu/users/mheffner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20010130230121.mheffner>