diff options
author | imp <imp@FreeBSD.org> | 1997-02-09 06:54:46 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1997-02-09 06:54:46 +0000 |
commit | b0afeca2e2e6f1e44a1f422540e344c65583365d (patch) | |
tree | 712d6d8df3d628c115653c88afadcdbb4e62b833 /lib/libc/net/rcmd.c | |
parent | bd9f01038415a71d8ba4081cc51d844240bfd3bf (diff) | |
download | FreeBSD-src-b0afeca2e2e6f1e44a1f422540e344c65583365d.zip FreeBSD-src-b0afeca2e2e6f1e44a1f422540e344c65583365d.tar.gz |
Fix PR2579: potential security hole in rcmd.c
Submitted by: Julian Assange
Diffstat (limited to 'lib/libc/net/rcmd.c')
-rw-r--r-- | lib/libc/net/rcmd.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c index 77032e1..0aa99c3 100644 --- a/lib/libc/net/rcmd.c +++ b/lib/libc/net/rcmd.c @@ -104,7 +104,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p) sin.sin_len = sizeof(struct sockaddr_in); sin.sin_family = hp->h_addrtype; sin.sin_port = rport; - bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length); + bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr)); if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) break; (void)close(s); @@ -125,7 +125,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p) errno = oerrno; perror(0); hp->h_addr_list++; - bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length); + bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr)); (void)fprintf(stderr, "Trying %s...\n", inet_ntoa(sin.sin_addr)); continue; |