Fix PR2579: potential security hole in rcmd.c

Submitted by: Julian Assange
author: imp <imp@FreeBSD.org> 1997-02-09 06:54:46 +0000
committer: imp <imp@FreeBSD.org> 1997-02-09 06:54:46 +0000
commit: b0afeca2e2e6f1e44a1f422540e344c65583365d (patch)
tree: 712d6d8df3d628c115653c88afadcdbb4e62b833 /lib/libc
parent: bd9f01038415a71d8ba4081cc51d844240bfd3bf (diff)
download: FreeBSD-src-b0afeca2e2e6f1e44a1f422540e344c65583365d.zip
FreeBSD-src-b0afeca2e2e6f1e44a1f422540e344c65583365d.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c
index 77032e1..0aa99c3 100644
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@@ -104,7 +104,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
 		sin.sin_len = sizeof(struct sockaddr_in);
 		sin.sin_family = hp->h_addrtype;
 		sin.sin_port = rport;
-		bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
+		bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr));
 		if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
 			break;
 		(void)close(s);
@@ -125,7 +125,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
 			errno = oerrno;
 			perror(0);
 			hp->h_addr_list++;
-			bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length);
+			bcopy(hp->h_addr_list[0], &sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr));
 			(void)fprintf(stderr, "Trying %s...\n",
 			    inet_ntoa(sin.sin_addr));
 			continue;
author	imp <imp@FreeBSD.org>	1997-02-09 06:54:46 +0000
committer	imp <imp@FreeBSD.org>	1997-02-09 06:54:46 +0000
commit	b0afeca2e2e6f1e44a1f422540e344c65583365d (patch)
tree	712d6d8df3d628c115653c88afadcdbb4e62b833 /lib/libc
parent	bd9f01038415a71d8ba4081cc51d844240bfd3bf (diff)
download	FreeBSD-src-b0afeca2e2e6f1e44a1f422540e344c65583365d.zip FreeBSD-src-b0afeca2e2e6f1e44a1f422540e344c65583365d.tar.gz