From owner-freebsd-bugs Thu Mar 13 17:00:03 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id RAA01950 for bugs-outgoing; Thu, 13 Mar 1997 17:00:03 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id RAA01927; Thu, 13 Mar 1997 17:00:01 -0800 (PST) Resent-Date: Thu, 13 Mar 1997 17:00:01 -0800 (PST) Resent-Message-Id: <199703140100.RAA01927@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, ahd@kew.com Received: from intergate.hh.kew.com (root@fantasy-factory.net.kew.com [204.96.41.103]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA01534 for ; Thu, 13 Mar 1997 16:52:59 -0800 (PST) Received: (from root@localhost) by intergate.hh.kew.com (8.8.5/8.8.5) id TAA00750; Thu, 13 Mar 1997 19:52:55 -0500 (EST) Message-Id: <199703140052.TAA00750@intergate.hh.kew.com> Date: Thu, 13 Mar 1997 19:52:55 -0500 (EST) From: Drew Derbyshire Reply-To: ahd@kew.com To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: misc/2982: /usr/libexec/uucpd hostname truncation Sender: owner-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Number: 2982 >Category: misc >Synopsis: hostname buffer length too short in uucpd >Confidential: yes >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Mar 13 17:00:00 PST 1997 >Last-Modified: >Originator: Drew Derbyshire >Organization: Kendra Electronic Wonderworks >Release: FreeBSD 2.2-970225-GAMMA i386 >Environment: Running Taylor UUCP as supplied with release with uucpd active on standard port (540). >Description: A failed connection to the uucpd port from a host with a name longer than 31 characters causes a garbled message in system log because string is not terminated. For example: Mar 6 11:16:00 athena uucpd[4085]: LOGIN FAILURE FROM ppp-206-170-33-17.okld03.pacbell<]?o[^W >How-To-Repeat: See description, above. >Fix: Fix is two fold: First, use standard definition for maximum hostname length (MAXHOSTNAMLEN) for remotehost[] variable in various routines in program. Second, terminate string after copy by assigning last character of string `\0'; Patch follows: *** /usr/src/libexec/uucpd/uucpd.original.c Thu Mar 13 19:17:53 1997 --- /usr/src/libexec/uucpd/uucpd.c Thu Mar 13 19:26:29 1997 *************** *** 55,60 **** --- 55,61 ---- #include #include #include + #include #include #include #include *************** *** 110,116 **** void badlogin(char *name, struct sockaddr_in *sin) { ! char remotehost[32]; struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr, sizeof (struct in_addr), AF_INET); --- 111,117 ---- void badlogin(char *name, struct sockaddr_in *sin) { ! char remotehost[MAXHOSTNAMELEN]; struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr, sizeof (struct in_addr), AF_INET); *************** *** 121,126 **** --- 122,129 ---- strncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof (remotehost)); + remotehost[ sizeof remotehost - 1] = '\0'; + syslog(LOG_NOTICE, "LOGIN FAILURE FROM %s", remotehost); syslog(LOG_AUTHPRIV|LOG_NOTICE, "LOGIN FAILURE FROM %s, %s", remotehost, name); *************** *** 237,243 **** void dologin(struct passwd *pw, struct sockaddr_in *sin) { char line[32]; ! char remotehost[32]; int f; time_t cur_time; struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr, --- 240,246 ---- void dologin(struct passwd *pw, struct sockaddr_in *sin) { char line[32]; ! char remotehost[MAXHOSTNAMELEN]; int f; time_t cur_time; struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr, >Audit-Trail: >Unformatted: