From owner-freebsd-security Thu Mar 6 11:14:28 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA05254 for security-outgoing; Thu, 6 Mar 1997 11:14:28 -0800 (PST)
Received: from clunix.msu.edu (clunix.cl.msu.edu [35.9.6.4]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id LAA05215 for ; Thu, 6 Mar 1997 11:14:16 -0800 (PST)
Received: by clunix.msu.edu (AIX 3.2/UCB 5.64/4.03) id AA21857; Thu, 6 Mar 1997 14:14:03 -0500
From: budzyn@clunix.cl.msu.edu (Joe Budzyn)
Message-Id: <9703061914.AA21857@clunix.msu.edu>
Subject: Re: FreeBSD lpd Security Vulnerability (fwd)
To: freebsd-security@freebsd.org
Date: Thu, 6 Mar 1997 14:14:03 -0500 (EST)
X-Mailer: ELM [version 2.4 PL22]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Apply the following patch, rebuild libc and install the shared
> library. Since lpd is dynamically linked, this will fix the problem.
>
> Index: rcmd.c > =================================================================== > RCS file: /home/imp/FreeBSD/CVS/src/lib/libc/net/rcmd.c,v > retrieving revision 1.3.4.4 > retrieving revision 1.3.4.5 > diff -u -r1.3.4.4 -r1.3.4.5 > - --- rcmd.c 1997/02/09 06:57:54 1.3.4.4 > +++ rcmd.c 1997/02/26 06:14:11 1.3.4.5 > @@ -377,7 +377,8 @@ > if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long), > AF_INET)) == NULL) > return (-1); > - - strcpy(hname, hp->h_name); > + strncpy(hname, hp->h_name, sizeof(hname)); > + hname[sizeof(hname) - 1] = '\0'; > > while (fgets(buf, sizeof(buf), hostf)) { > p = buf;

When this patch is applied, nslookup breaks. It needs to be recompiled to work. Is there anything else that might break?

Joe Budzyn
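
Review bot: at the `strncpy(hname, hp->h_name, sizeof(hname));` line, a name longer than the buffer is now silently truncated, and the truncated string is what the `fgets` loop that follows goes on to work with. Because the name comes from the `gethostbyaddr` reverse lookup on `raddr`, it would be safer to treat an over-long name as a failure, for example by checking `strlen(hp->h_name) >= sizeof(hname)` and returning -1 in the same way the failed `gethostbyaddr` case just above does. The explicit `hname[sizeof(hname) - 1] = '\0';` is needed after `strncpy` and is correct as long as `hname` is an array in this scope; its declaration is outside the hunk, so that is worth confirming, since `sizeof` on a pointer would bound the copy to the pointer size instead. A one-line comment explaining the bound would help the next reader.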