diff options
author | imp <imp@FreeBSD.org> | 1997-02-26 06:12:34 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1997-02-26 06:12:34 +0000 |
commit | 00bfe049f97d722775fe5c444bd8ae53e872e3ac (patch) | |
tree | 985495b1a1b5257d826cfbf5d70b5ab0047e479c | |
parent | 00300384a2b1055320fce654c66ffe444dc1a3b3 (diff) | |
download | FreeBSD-src-00bfe049f97d722775fe5c444bd8ae53e872e3ac.zip FreeBSD-src-00bfe049f97d722775fe5c444bd8ae53e872e3ac.tar.gz |
Buffer overflow from DNS name information which could cause root access
when called from lpd.
Reviewed by: jkh, pst
Submitted by: Oliver Friedrichs <oliver@secnet.com>
-rw-r--r-- | lib/libc/net/rcmd.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c index 0aa99c3..ff108d9 100644 --- a/lib/libc/net/rcmd.c +++ b/lib/libc/net/rcmd.c @@ -393,7 +393,8 @@ __ivaliduser(hostf, raddr, luser, ruser) if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long), AF_INET)) == NULL) return (-1); - strcpy(hname, hp->h_name); + strncpy(hname, hp->h_name, sizeof(hname)); + hname[sizeof(hname) - 1] = '\0'; while (fgets(buf, sizeof(buf), hostf)) { p = buf; |