Fix minor buffer problems:

Off by one in verify allowed one to march one byte off the end of wd.wd_hostname if wd.wd_hostname had no NUL characters in it. strncpy of myname into mywd used the source buffer's length, rather than the dest.
author: imp <imp@FreeBSD.org> 1996-11-01 06:29:34 +0000
committer: imp <imp@FreeBSD.org> 1996-11-01 06:29:34 +0000
commit: a508b60adccd07a870fde8211a648f3350f35aa6 (patch)
tree: 6cda7818c9592d8e8faa8973600f3d736d8b76b1 /usr.sbin/rwhod
parent: 259bccfa492f72406c4205a16808d8749926d8ea (diff)
download: FreeBSD-src-a508b60adccd07a870fde8211a648f3350f35aa6.zip
FreeBSD-src-a508b60adccd07a870fde8211a648f3350f35aa6.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/rwhod/rwhod.c b/usr.sbin/rwhod/rwhod.c
index c5605e2..4aa5498 100644
--- a/usr.sbin/rwhod/rwhod.c
+++ b/usr.sbin/rwhod/rwhod.c
@@ -223,7 +223,8 @@ usage:		fprintf(stderr, "usage: rwhod [ -m [ ttl ] ]\n");
 	}
 	if ((cp = index(myname, '.')) != NULL)
 		*cp = '\0';
-	strncpy(mywd.wd_hostname, myname, sizeof(myname) - 1);
+	strncpy(mywd.wd_hostname, myname, sizeof(mywd.wd_hostname) - 1);
+	mywd.wd_hostname[sizeof(mywd.wd_hostname) - 1] = '\0';
 	utmpf = open(_PATH_UTMP, O_RDONLY|O_CREAT, 0644);
 	if (utmpf < 0) {
 		syslog(LOG_ERR, "%s: %m", _PATH_UTMP);
@@ -351,7 +352,7 @@ verify(name, maxlen)
 {
 	register int size = 0;
 
-	while (*name && size < maxlen) {
+	while (*name && size < maxlen - 1) {
 		if (!isascii(*name) || !(isalnum(*name) || ispunct(*name)))
 			return (0);
 		name++, size++;
author	imp <imp@FreeBSD.org>	1996-11-01 06:29:34 +0000
committer	imp <imp@FreeBSD.org>	1996-11-01 06:29:34 +0000
commit	a508b60adccd07a870fde8211a648f3350f35aa6 (patch)
tree	6cda7818c9592d8e8faa8973600f3d736d8b76b1 /usr.sbin/rwhod
parent	259bccfa492f72406c4205a16808d8749926d8ea (diff)
download	FreeBSD-src-a508b60adccd07a870fde8211a648f3350f35aa6.zip FreeBSD-src-a508b60adccd07a870fde8211a648f3350f35aa6.tar.gz