From owner-freebsd-audit Fri Mar 9 13:23: 7 2001 Delivered-To: freebsd-audit@freebsd.org Received: from Awfulhak.org (awfulhak.demon.co.uk [194.222.196.252]) by hub.freebsd.org (Postfix) with ESMTP id 52D2C37B71A; Fri, 9 Mar 2001 13:22:54 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.2/8.11.2) with ESMTP id f29LOaC88745; Fri, 9 Mar 2001 21:24:36 GMT (envelope-from brian@lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.3/8.11.3) with ESMTP id f29LPlu04957; Fri, 9 Mar 2001 21:25:47 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: freebsd-audit@FreeBSD.org Cc: Brian Somers , eivind@FreeBSD.org Subject: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Mar 2001 21:25:47 +0000 From: Brian Somers Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Would someone mind looking at this patch ? It fixes the use of MAXHOSTNAMELEN, but also avoids wandering off the end of a possibly-not-terminated passed-in buffer with strlen(). Eivind has some patches in the pipeline here to return errors rather than truncating host names, so it was his work that found the actual overrun.... I figured I'd commit this and possibly ask for an MFC RSN so that we get this fixed for the -stable release. Ta. -- Brian Don't _EVER_ lose your sense of humour ! Index: realhostname.c =================================================================== RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v retrieving revision 1.10 diff -u -r1.10 realhostname.c --- realhostname.c 2001/01/28 21:51:25 1.10 +++ realhostname.c 2001/03/09 21:12:01 @@ -52,7 +52,7 @@ int realhostname(char *host, size_t hsize, const struct in_addr *ip) { - char trimmed[MAXHOSTNAMELEN+1]; + char trimmed[MAXHOSTNAMELEN]; int result; struct hostent *hp; @@ -136,15 +136,15 @@ freeaddrinfo(ores); goto numeric; } - strncpy(buf, ores->ai_canonname, + strlcpy(buf, ores->ai_canonname, sizeof(buf)); trimdomain(buf, hsize); - strncpy(host, buf, hsize); - if (strlen(host) > hsize && + if (strlen(buf) > hsize && addr->sa_family == AF_INET) { freeaddrinfo(ores); goto numeric; } + strncpy(host, buf, hsize); break; } ((struct sockinet *)addr)->si_port = port; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message