Date: Thu, 13 Mar 1997 19:52:55 -0500 (EST) From: Drew Derbyshire <ahd@kew.com> To: FreeBSD-gnats-submit@freebsd.org Subject: misc/2982: /usr/libexec/uucpd hostname truncation Message-ID: <199703140052.TAA00750@intergate.hh.kew.com> Resent-Message-ID: <199703140100.RAA01927@freefall.freebsd.org>
index | next in thread | raw e-mail
>Number: 2982
>Category: misc
>Synopsis: hostname buffer length too short in uucpd
>Confidential: yes
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 13 17:00:00 PST 1997
>Last-Modified:
>Originator: Drew Derbyshire
>Organization:
Kendra Electronic Wonderworks
>Release: FreeBSD 2.2-970225-GAMMA i386
>Environment:
Running Taylor UUCP as supplied with release with uucpd active on
standard port (540).
>Description:
A failed connection to the uucpd port from a host with
a name longer than 31 characters causes a garbled message
in system log because string is not terminated. For example:
Mar 6 11:16:00 athena uucpd[4085]: LOGIN FAILURE FROM
ppp-206-170-33-17.okld03.pacbell<]?o[^W
>How-To-Repeat:
See description, above.
>Fix:
Fix is two fold:
First, use standard definition for maximum
hostname length (MAXHOSTNAMLEN) for remotehost[]
variable in various routines in program.
Second, terminate string after copy by assigning
last character of string `\0';
Patch follows:
*** /usr/src/libexec/uucpd/uucpd.original.c Thu Mar 13 19:17:53 1997
--- /usr/src/libexec/uucpd/uucpd.c Thu Mar 13 19:26:29 1997
***************
*** 55,60 ****
--- 55,61 ----
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
+ #include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
***************
*** 110,116 ****
void badlogin(char *name, struct sockaddr_in *sin)
{
! char remotehost[32];
struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
sizeof (struct in_addr), AF_INET);
--- 111,117 ----
void badlogin(char *name, struct sockaddr_in *sin)
{
! char remotehost[MAXHOSTNAMELEN];
struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
sizeof (struct in_addr), AF_INET);
***************
*** 121,126 ****
--- 122,129 ----
strncpy(remotehost, inet_ntoa(sin->sin_addr),
sizeof (remotehost));
+ remotehost[ sizeof remotehost - 1] = '\0';
+
syslog(LOG_NOTICE, "LOGIN FAILURE FROM %s", remotehost);
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"LOGIN FAILURE FROM %s, %s", remotehost, name);
***************
*** 237,243 ****
void dologin(struct passwd *pw, struct sockaddr_in *sin)
{
char line[32];
! char remotehost[32];
int f;
time_t cur_time;
struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
--- 240,246 ----
void dologin(struct passwd *pw, struct sockaddr_in *sin)
{
char line[32];
! char remotehost[MAXHOSTNAMELEN];
int f;
time_t cur_time;
struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
>Audit-Trail:
>Unformatted:
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703140052.TAA00750>