Date: Fri, 09 Mar 2001 15:10:18 -0700 From: Warner Losh <imp@harmony.village.org> To: Brian Somers <brian@Awfulhak.org> Cc: freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix Message-ID: <200103092210.f29MAII10967@harmony.village.org> In-Reply-To: Your message of "Fri, 09 Mar 2001 22:04:32 GMT." <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org> References: <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org> Brian Somers writes: : > In message <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Brian Somers writes: : > : Eivind has some patches in the pipeline here to return errors rather : > : than truncating host names, so it was his work that found the actual : > : overrun.... I figured I'd commit this and possibly ask for an MFC : > : RSN so that we get this fixed for the -stable release. : > : : > : Ta. : > : -- : > : Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org> : > : <http://www.Awfulhak.org>; <brian@[uk.]OpenBSD.org> : > : Don't _EVER_ lose your sense of humour ! : > : : > : Index: realhostname.c : > : =================================================================== : > : RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v : > : retrieving revision 1.10 : > : diff -u -r1.10 realhostname.c : > : --- realhostname.c 2001/01/28 21:51:25 1.10 : > : +++ realhostname.c 2001/03/09 21:12:01 : > : @@ -52,7 +52,7 @@ : > : int : > : realhostname(char *host, size_t hsize, const struct in_addr *ip) : > : { : > : - char trimmed[MAXHOSTNAMELEN+1]; : > : + char trimmed[MAXHOSTNAMELEN]; : > : int result; : > : struct hostent *hp; : > : : > : @@ -136,15 +136,15 @@ : > : freeaddrinfo(ores); : > : goto numeric; : > : } : > : - strncpy(buf, ores->ai_canonname, : > : + strlcpy(buf, ores->ai_canonname, : > : sizeof(buf)); : > : trimdomain(buf, hsize); : > : - strncpy(host, buf, hsize); : > : - if (strlen(host) > hsize && : > : + if (strlen(buf) > hsize && : > : addr->sa_family == AF_INET) { : > : freeaddrinfo(ores); : > : goto numeric; : > : } : > : + strncpy(host, buf, hsize); : > : > Should likely use strlcpy. : : The returned string (host) is not meant to be terminated if the host : fits exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...). Then we should terminate it. That's a lame interface. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103092210.f29MAII10967>