If we get back too much data to fit in result, return NULL. This avoids

a buffer overflow, but might negatively impact those hosts who have enough aliases to fill MAXHOSTNAMELEN * 2 characters in them. Good candidate for merging back into -stable. Lightly tested by me, but it came from OpenBSD a while ago. Obtained from: OpenBSD
author: imp <imp@FreeBSD.org> 1998-06-09 05:06:27 +0000
committer: imp <imp@FreeBSD.org> 1998-06-09 05:06:27 +0000
commit: 887f1b959bf9f23a3fe49ec50ae1be5849ec31ed (patch)
tree: 2ea8c5f0541ee077d21a97e1a5379237440309e3 /usr.sbin/ypserv
parent: eba733f6ce5828610ebb5ad5135df36092373463 (diff)
download: FreeBSD-src-887f1b959bf9f23a3fe49ec50ae1be5849ec31ed.zip
FreeBSD-src-887f1b959bf9f23a3fe49ec50ae1be5849ec31ed.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.sbin/ypserv/yp_dnslookup.c b/usr.sbin/ypserv/yp_dnslookup.c
index f29750d..3ed3274 100644
--- a/usr.sbin/ypserv/yp_dnslookup.c
+++ b/usr.sbin/ypserv/yp_dnslookup.c
@@ -32,7 +32,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-	"$Id$";
+	"$Id: yp_dnslookup.c,v 1.13 1997/10/29 07:25:02 charnier Exp $";
 #endif /* not lint */
 
 /*
@@ -79,6 +79,10 @@ static char *parse(hp)
 	len = 16 + strlen(hp->h_name);
 	for (i = 0; hp->h_aliases[i]; i++)
 		len += strlen(hp->h_aliases[i]) + 1;
+	len++;
+
+	if (len > sizeof(result))
+		return(NULL);
 
 	bzero(result, sizeof(result));
author	imp <imp@FreeBSD.org>	1998-06-09 05:06:27 +0000
committer	imp <imp@FreeBSD.org>	1998-06-09 05:06:27 +0000
commit	887f1b959bf9f23a3fe49ec50ae1be5849ec31ed (patch)
tree	2ea8c5f0541ee077d21a97e1a5379237440309e3 /usr.sbin/ypserv
parent	eba733f6ce5828610ebb5ad5135df36092373463 (diff)
download	FreeBSD-src-887f1b959bf9f23a3fe49ec50ae1be5849ec31ed.zip FreeBSD-src-887f1b959bf9f23a3fe49ec50ae1be5849ec31ed.tar.gz