From owner-freebsd-audit Fri Mar 9 14:10:25 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 918D937B718; Fri, 9 Mar 2001 14:10:21 -0800 (PST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f29MAII10967; Fri, 9 Mar 2001 15:10:18 -0700 (MST) (envelope-from imp@harmony.village.org)
Message-Id: <200103092210.f29MAII10967@harmony.village.org>
To: Brian Somers
Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix
Cc: freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG
In-reply-to: Your message of "Fri, 09 Mar 2001 22:04:32 GMT." <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org>
References: <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org>
Date: Fri, 09 Mar 2001 15:10:18 -0700
From: Warner Losh
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org> Brian Somers writes:
: > In message <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Brian Somers writes:
: > : Eivind has some patches in the pipeline here to return errors rather
: > : than truncating host names, so it was his work that found the actual
: > : overrun.... I figured I'd commit this and possibly ask for an MFC
: > : RSN so that we get this fixed for the -stable release.
: > :
: > : Ta.
: > : --
: > : Brian
: > :
: > : Don't _EVER_ lose your sense of humour !
: > :
: > : Index: realhostname.c : > : =================================================================== : > : RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v : > : retrieving revision 1.10 : > : diff -u -r1.10 realhostname.c : > : --- realhostname.c 2001/01/28 21:51:25 1.10 : > : +++ realhostname.c 2001/03/09 21:12:01 : > : 
@@ -52,7 +52,7 @@ : > : int : > : realhostname(char *host, size_t hsize, const struct in_addr *ip) : > : { : > : - char trimmed[MAXHOSTNAMELEN+1]; : > : + char trimmed[MAXHOSTNAMELEN]; : > : int result; : > : struct hostent *hp; : > : : > : @@ -136,15 +136,15 @@ : > : freeaddrinfo(ores); : > : goto numeric; : > : } : > : - strncpy(buf, ores->ai_canonname, : > : + strlcpy(buf, ores->ai_canonname, : > : sizeof(buf)); : > : trimdomain(buf, hsize); : > : - strncpy(host, buf, hsize); : > : - if (strlen(host) > hsize && : > : + if (strlen(buf) > hsize && : > : addr->sa_family == AF_INET) { : > : freeaddrinfo(ores); : > : goto numeric; : > : } : > : + strncpy(host, buf, hsize);
: >
: > Should likely use strlcpy.
:
: The returned string (host) is not meant to be terminated if the host
: fits exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...).

Then we should terminate it. That's a lame interface.

Warner
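
Review bot: in the @@ -52,7 +52,7 @@ hunk, trimmed shrinks from MAXHOSTNAMELEN+1 to MAXHOSTNAMELEN bytes, but the code that fills it is outside the visible context, so the hunk alone does not show that the change is safe. Please confirm that every write into trimmed is bounded by sizeof(trimmed) and leaves it NUL-terminated, and say in the commit message why the extra byte is no longer needed.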
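
Review bot: in the @@ -136,15 +136,15 @@ hunk, the length check only takes the numeric path when addr->sa_family == AF_INET, so for any other family a name with strlen(buf) > hsize falls through to strncpy(host, buf, hsize) and is silently cut to hsize bytes with no terminating NUL. Either take the fallback regardless of family or return an error there. The return value of strlcpy(buf, ores->ai_canonname, sizeof(buf)) is also ignored, so truncation into buf goes unnoticed. Finally, the final strncpy deserves a comment stating that host is deliberately left unterminated when the name is exactly hsize bytes, since without it the line reads as a bug.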
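
The caller-side consequence of the interface discussed in this thread (host is left unterminated when the name is exactly hsize bytes), as an added example that is not part of the original message or of FreeBSD's code. HOSTSIZE, struct rec, store_host and load_host are hypothetical names, and the sample host name is constructed.

```c
#include <stddef.h>
#include <string.h>

#define HOSTSIZE 16                 /* constructed stand-in for UT_HOSTSIZE */

struct rec {                        /* constructed record: field, then other data */
    char host[HOSTSIZE];
    char next[4];
};

/* Writer: same contract as the tail of the patched function.
 * Returns 0 on success, -1 if the name does not fit in the field. */
int store_host(char *field, size_t fsize, const char *name)
{
    if (strlen(name) > fsize)
        return -1;                  /* caller must fall back to a shorter form */
    strncpy(field, name, fsize);    /* NUL-pads; no NUL at all on an exact fit */
    return 0;
}

/* Reader: never uses strlen() on the field; scans at most fsize bytes.
 * Returns the name length, or (size_t)-1 if dst cannot hold it plus a NUL. */
size_t load_host(char *dst, size_t dsize, const char *field, size_t fsize)
{
    size_t n = 0;

    while (n < fsize && field[n] != '\0')
        n++;
    if (n >= dsize)
        return (size_t)-1;
    memcpy(dst, field, n);
    dst[n] = '\0';
    return n;
}

/* Exact-fit case: a 16-character name in a 16-byte field whose
 * neighbouring bytes are non-zero, so strlen(r.host) would overrun. */
size_t exact_fit_len(void)
{
    struct rec r;
    char out[HOSTSIZE + 1];

    memset(&r, 'X', sizeof(r));
    if (store_host(r.host, sizeof(r.host), "abcdefghijklmnop") != 0)
        return (size_t)-1;
    return load_host(out, sizeof(out), r.host, sizeof(r.host));
}

int main(void) { return exact_fit_len() == HOSTSIZE ? 0 : 1; }
```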