summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorimp <imp@FreeBSD.org>1997-02-26 06:12:34 +0000
committerimp <imp@FreeBSD.org>1997-02-26 06:12:34 +0000
commit00bfe049f97d722775fe5c444bd8ae53e872e3ac (patch)
tree985495b1a1b5257d826cfbf5d70b5ab0047e479c
parent00300384a2b1055320fce654c66ffe444dc1a3b3 (diff)
downloadFreeBSD-src-00bfe049f97d722775fe5c444bd8ae53e872e3ac.zip
FreeBSD-src-00bfe049f97d722775fe5c444bd8ae53e872e3ac.tar.gz
Buffer overflow from DNS name information which could cause root access
when called from lpd. Reviewed by: jkh, pst Submitted by: Oliver Friedrichs <oliver@secnet.com>
-rw-r--r--lib/libc/net/rcmd.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c
index 0aa99c3..ff108d9 100644
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@@ -393,7 +393,8 @@ __ivaliduser(hostf, raddr, luser, ruser)
if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
AF_INET)) == NULL)
return (-1);
- strcpy(hname, hp->h_name);
+ strncpy(hname, hp->h_name, sizeof(hname));
+ hname[sizeof(hname) - 1] = '\0';
while (fgets(buf, sizeof(buf), hostf)) {
p = buf;
OpenPOWER on IntegriCloud