Message-Id: <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org>
To: Warner Losh
Cc: Brian Somers, freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG, brian@Awfulhak.org
Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix
In-Reply-To: Message from Warner Losh of "Fri, 09 Mar 2001 14:38:08 MST." <200103092138.f29Lc8I10799@harmony.village.org>
Date: Fri, 09 Mar 2001 22:04:32 +0000
From: Brian Somers

> In message <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Brian Somers writes:
> : Eivind has some patches in the pipeline here to return errors rather
> : than truncating host names, so it was his work that found the actual
> : overrun.... I figured I'd commit this and possibly ask for an MFC
> : RSN so that we get this fixed for the -stable release.
> :
> : Ta.
> : --
> : Brian
> :
> : Don't _EVER_ lose your sense of humour !
> :
> : Index: realhostname.c > : =================================================================== > : RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v > : retrieving revision 1.10 > : diff -u -r1.10 realhostname.c > : --- realhostname.c 2001/01/28 21:51:25 1.10 > : +++ realhostname.c 2001/03/09 21:12:01 > : @@ -52,7 +52,7 @@ > : int > : realhostname(char *host, size_t hsize, const struct in_addr *ip) > : { > : - char trimmed[MAXHOSTNAMELEN+1]; > : + char trimmed[MAXHOSTNAMELEN]; > : int result; > : struct hostent *hp; > : > : @@ -136,15 +136,15 @@ > : freeaddrinfo(ores); > : goto numeric; > : } > : - strncpy(buf, ores->ai_canonname, > : + strlcpy(buf, ores->ai_canonname, > : sizeof(buf)); > : trimdomain(buf, hsize); > : - strncpy(host, buf, hsize); > : - if (strlen(host) > hsize && > : + if (strlen(buf) > hsize && > : addr->sa_family == AF_INET) { > : freeaddrinfo(ores); > : goto numeric; > : } > : + strncpy(host, buf, hsize);
>
> Should likely use strlcpy.

The returned string (host) is not meant to be terminated if the host fits
exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...).

> Warner

--
Brian

Don't _EVER_ lose your sense of humour !
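Review bot: the first hunk (@@ -52,7 +52,7 @@) gives no way to check that dropping the +1 from trimmed[MAXHOSTNAMELEN+1] is safe, because no line that writes to trimmed appears in its context. Please confirm that every copy into trimmed is bounded by sizeof(trimmed) and still leaves room for the terminator, and state in the commit message why the extra byte is no longer needed.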
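Review bot: the closing strncpy(host, buf, hsize) in the second hunk (@@ -136,15 +136,15 @@) needs a comment saying that host is deliberately left without a NUL when the name is exactly hsize bytes long, since the test above it is strlen(buf) > hsize and lets that length through. The same test is also tied to addr->sa_family == AF_INET, so for any other family an over-long name skips the goto numeric and is silently cut to hsize bytes by that strncpy; if that is intended, say so in the comment, otherwise handle the other families as well.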
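The contract Brian describes for realhostname(ut.ut_host, UT_HOSTSIZE, ...), shown as an added example that is not code from this thread or from libutil: a fixed-width field filled with strncpy has no terminator when the name fits exactly, so readers must bound every access by the field size. HOSTSIZE, store_host, field_len and field_to_cstr are hypothetical names, and the host name is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

#define HOSTSIZE 16   /* assumed stand-in for UT_HOSTSIZE */

/* Store name the way the patched code does: reject names longer than the
 * field (the caller must then fall back, as the patch's goto numeric does),
 * otherwise strncpy, which NUL-pads short names and leaves an exactly
 * fitting name without a terminator. */
int store_host(char *field, size_t fsize, const char *name)
{
    if (strlen(name) > fsize)
        return -1;
    strncpy(field, name, fsize);
    return 0;
}

/* Length of the name held in the field, never reading past fsize bytes. */
size_t field_len(const char *field, size_t fsize)
{
    const char *nul = memchr(field, '\0', fsize);
    return nul ? (size_t)(nul - field) : fsize;
}

/* Copy the field into a terminated string; dst needs fsize + 1 bytes. */
size_t field_to_cstr(char *dst, size_t dsize, const char *field, size_t fsize)
{
    size_t len = field_len(field, fsize);
    if (dsize == 0)
        return 0;
    if (len >= dsize)
        len = dsize - 1;
    memcpy(dst, field, len);
    dst[len] = '\0';
    return len;
}

int main(void)
{
    char host[HOSTSIZE], out[HOSTSIZE + 1];

    store_host(host, sizeof(host), "abcdefghijklmnop");   /* constructed, 16 chars */
    field_to_cstr(out, sizeof(out), host, sizeof(host));
    printf("%s (%zu bytes, no NUL in the field)\n", out, field_len(host, sizeof(host)));
    return 0;
}
```

Calling strlen() or printf("%s") directly on such a field would read past its end whenever the name fills it.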