Date: Wed, 05 Mar 1997 23:26:03 -0700 From: Warner Losh <imp@village.org> To: Bradley Dunn <bradley@dunn.org> Cc: Snob Art Genre <ben@narcissus.ml.org>, freebsd-security@freebsd.org Subject: Re: FreeBSD lpd Security Vulnerability (fwd) Message-ID: <E0w2Wct-00032Z-00@rover.village.org> In-Reply-To: Your message of "Wed, 05 Mar 1997 18:50:58 EST." <Pine.BSF.3.95.970305185009.16059B-100000@ns2.harborcom.net> References: <Pine.BSF.3.95.970305185009.16059B-100000@ns2.harborcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- In message <Pine.BSF.3.95.970305185009.16059B-100000@ns2.harborcom.net> Bradley Dunn writes: : On Wed, 5 Mar 1997, Snob Art Genre wrote: : > Is there a patch for -stable? The patch included with the advisory : > wasn't applicable on my system. : : http://freebsd.org/cgi/cvsweb.cgi/src/lib/libc/net/rcmd.c?r1=1.3.4.4&r2=1.3.4.5 Apply the following patch, rebuild libc and install the shared library. Since lpd is dynamically linked, this will fix the problem. Index: rcmd.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/lib/libc/net/rcmd.c,v retrieving revision 1.3.4.4 retrieving revision 1.3.4.5 diff -u -r1.3.4.4 -r1.3.4.5 - --- rcmd.c 1997/02/09 06:57:54 1.3.4.4 +++ rcmd.c 1997/02/26 06:14:11 1.3.4.5 @@ -377,7 +377,8 @@ if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long), AF_INET)) == NULL) return (-1); - - strcpy(hname, hp->h_name); + strncpy(hname, hp->h_name, sizeof(hname)); + hname[sizeof(hname) - 1] = '\0'; while (fgets(buf, sizeof(buf), hostf)) { p = buf; Warner P.S. since I'm pgp signing this, saying "sed -e 's/^- //'" now might save me some mail later. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBMx5jc9xynu/2qPVhAQEzWgQAnKsS8iVWiaFHp5FYcB/wK6/nJLjVy+WD Z9thkQpeLLO3+MO/B4S2rHBn9gxAXWgxl+43d1irrEMk21bQkNQsr1yAwTS/sujP 1Tf5J9sAydF/vy+uAUjFKmsrSqc2q0ykz8G3zk1ila/ykR8GHH4t+e74y4oSvHB6 XS89DGLDzEE= =U0q7 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0w2Wct-00032Z-00>