From 0cde5af39957d47be39dccb2c23851221c739115 Mon Sep 17 00:00:00 2001
From: kris <kris@FreeBSD.org>
Date: Wed, 23 Aug 2000 09:25:05 +0000
Subject: Fix for buffer overflow in command-line arguments to dnsquery(1)
 which will be appearing in 8.2.3

Approved by:	Paul A Vixie <vixie@mibh.net>
---
 contrib/bind/bin/dnsquery/dnsquery.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'contrib')

diff --git a/contrib/bind/bin/dnsquery/dnsquery.c b/contrib/bind/bin/dnsquery/dnsquery.c
index 218c8a8..31d5d62 100644
--- a/contrib/bind/bin/dnsquery/dnsquery.c
+++ b/contrib/bind/bin/dnsquery/dnsquery.c
@@ -80,7 +80,12 @@ main(int argc, char *argv[]) {
 		case 'p' :	res.retrans = atoi(optarg);
 				break;
 
-		case 'h' :	strcpy(name, optarg);
+		case 'h' :	if (strlen(optarg) >= sizeof(name)) {
+					fprintf(stderr,
+						"Domain name too long (%s)\n", optarg);
+					exit(-1);
+				} else
+					strcpy(name, optarg);
 				break;
 
 		case 'c' : {
@@ -158,7 +163,12 @@ main(int argc, char *argv[]) {
 		}
 	}
 	if (optind < argc)
-		strcpy(name, argv[optind]);
+		if (strlen(argv[optind]) >= sizeof(name)) {
+			fprintf(stderr,
+				"Domain name too long (%s)\n", argv[optind]);
+			exit(-1);
+		} else
+			strcpy(name, argv[optind]);
 
 	len = sizeof(answer);
 
-- 
cgit v1.1