Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 09 Mar 2001 14:38:08 -0700
From:      Warner Losh <imp@harmony.village.org>
To:        Brian Somers <brian@Awfulhak.org>
Cc:        freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG
Subject:   Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix 
Message-ID:  <200103092138.f29Lc8I10799@harmony.village.org>
In-Reply-To: Your message of "Fri, 09 Mar 2001 21:25:47 GMT." <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> 
References:  <200103092125.f29LPlu04957@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Brian Somers writes:
: Eivind has some patches in the pipeline here to return errors rather 
: than truncating host names, so it was his work that found the actual 
: overrun....  I figured I'd commit this and possibly ask for an MFC 
: RSN so that we get this fixed for the -stable release.
: 
: Ta.
: -- 
: Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
:       <http://www.Awfulhak.org>;                   <brian@[uk.]OpenBSD.org>
: Don't _EVER_ lose your sense of humour !
: 
: Index: realhostname.c
: ===================================================================
: RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v
: retrieving revision 1.10
: diff -u -r1.10 realhostname.c
: --- realhostname.c	2001/01/28 21:51:25	1.10
: +++ realhostname.c	2001/03/09 21:12:01
: @@ -52,7 +52,7 @@
:  int
:  realhostname(char *host, size_t hsize, const struct in_addr *ip)
:  {
: -	char trimmed[MAXHOSTNAMELEN+1];
: +	char trimmed[MAXHOSTNAMELEN];
:  	int result;
:  	struct hostent *hp;
:  
: @@ -136,15 +136,15 @@
:  						freeaddrinfo(ores);
:  						goto numeric;
:  					}
: -					strncpy(buf, ores->ai_canonname,
: +					strlcpy(buf, ores->ai_canonname,
:  						sizeof(buf));
:  					trimdomain(buf, hsize);
: -					strncpy(host, buf, hsize);
: -					if (strlen(host) > hsize &&
: +					if (strlen(buf) > hsize &&
:  					    addr->sa_family == AF_INET) {
:  						freeaddrinfo(ores);
:  						goto numeric;
:  					}
: +					strncpy(host, buf, hsize);

Should likely use strlcpy.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103092138.f29Lc8I10799>