Date:      Fri, 09 Mar 2001 21:25:47 +0000
From:      Brian Somers <brian@Awfulhak.org>
To:        freebsd-audit@FreeBSD.org
Cc:        Brian Somers <brian@Awfulhak.org>, eivind@FreeBSD.org
Subject:   libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix
Message-ID:  <200103092125.f29LPlu04957@hak.lan.Awfulhak.org>

Would someone mind looking at this patch ?  It fixes the use of 
MAXHOSTNAMELEN, but also avoids wandering off the end of a 
possibly-not-terminated passed-in buffer with strlen().

Eivind has some patches in the pipeline here to return errors rather 
than truncating host names, so it was his work that found the actual 
overrun....  I figured I'd commit this and possibly ask for an MFC 
RSN so that we get this fixed for the -stable release.

Ta.
-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !

Index: realhostname.c
===================================================================
RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v
retrieving revision 1.10
diff -u -r1.10 realhostname.c
--- realhostname.c	2001/01/28 21:51:25	1.10
+++ realhostname.c	2001/03/09 21:12:01
@@ -52,7 +52,7 @@
 int
 realhostname(char *host, size_t hsize, const struct in_addr *ip)
 {
-	char trimmed[MAXHOSTNAMELEN+1];
+	char trimmed[MAXHOSTNAMELEN];
 	int result;
 	struct hostent *hp;
 
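Review bot: shrinking `trimmed` to MAXHOSTNAMELEN in the declaration is only safe if every write into it is bounded by sizeof(trimmed), and none of those writes are visible in this hunk. Please confirm that no copy further down still passes MAXHOSTNAMELEN + 1 as the size or stores a NUL at trimmed[MAXHOSTNAMELEN], since either would now land one byte past the end of the array. It would also help to state in the commit message whether MAXHOSTNAMELEN is meant to include the terminating NUL, so the next reader does not put the + 1 back.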
@@ -136,15 +136,15 @@
 						freeaddrinfo(ores);
 						goto numeric;
 					}
-					strncpy(buf, ores->ai_canonname,
+					strlcpy(buf, ores->ai_canonname,
 						sizeof(buf));
 					trimdomain(buf, hsize);
-					strncpy(host, buf, hsize);
-					if (strlen(host) > hsize &&
+					if (strlen(buf) > hsize &&
 					    addr->sa_family == AF_INET) {
 						freeaddrinfo(ores);
 						goto numeric;
 					}
+					strncpy(host, buf, hsize);
 					break;
 				}
 				((struct sockinet *)addr)->si_port = port;
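Review bot: the new `strlen(buf) > hsize` test still lets `strncpy(host, buf, hsize)` return an unterminated `host`: when the trimmed name is exactly hsize bytes, and also when it is longer but addr->sa_family is not AF_INET, in which case the name is silently truncated as well. If leaving host unterminated at full length is the intended contract, a comment above the strncpy() saying that callers must not treat host as a C string would stop the strlen(host) mistake from coming back; if it is not, take the numeric path for every address family or compare with >=. Separately, the strlcpy() into buf discards its return value, so a canonical name longer than sizeof(buf) is truncated and then handed on as if it were the real name; checking for a return value >= sizeof(buf) and going to numeric would close that gap.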


