diff options
author | imp <imp@FreeBSD.org> | 1996-11-01 06:29:34 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1996-11-01 06:29:34 +0000 |
commit | a508b60adccd07a870fde8211a648f3350f35aa6 (patch) | |
tree | 6cda7818c9592d8e8faa8973600f3d736d8b76b1 | |
parent | 259bccfa492f72406c4205a16808d8749926d8ea (diff) | |
download | FreeBSD-src-a508b60adccd07a870fde8211a648f3350f35aa6.zip FreeBSD-src-a508b60adccd07a870fde8211a648f3350f35aa6.tar.gz |
Fix minor buffer problems:
Off by one in verify allowed one to march one byte off the end of
wd.wd_hostname if wd.wd_hostname had no NUL characters in it.
strncpy of myname into mywd used the source buffer's length, rather
than the dest.
-rw-r--r-- | usr.sbin/rwhod/rwhod.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/rwhod/rwhod.c b/usr.sbin/rwhod/rwhod.c index c5605e2..4aa5498 100644 --- a/usr.sbin/rwhod/rwhod.c +++ b/usr.sbin/rwhod/rwhod.c @@ -223,7 +223,8 @@ usage: fprintf(stderr, "usage: rwhod [ -m [ ttl ] ]\n"); } if ((cp = index(myname, '.')) != NULL) *cp = '\0'; - strncpy(mywd.wd_hostname, myname, sizeof(myname) - 1); + strncpy(mywd.wd_hostname, myname, sizeof(mywd.wd_hostname) - 1); + mywd.wd_hostname[sizeof(mywd.wd_hostname) - 1] = '\0'; utmpf = open(_PATH_UTMP, O_RDONLY|O_CREAT, 0644); if (utmpf < 0) { syslog(LOG_ERR, "%s: %m", _PATH_UTMP); @@ -351,7 +352,7 @@ verify(name, maxlen) { register int size = 0; - while (*name && size < maxlen) { + while (*name && size < maxlen - 1) { if (!isascii(*name) || !(isalnum(*name) || ispunct(*name))) return (0); name++, size++; |