From 66fd98fe99539ebe9f52ce19a693ce3da8a6ab34 Mon Sep 17 00:00:00 2001
From: imp <imp@FreeBSD.org>
Date: Wed, 24 Dec 1997 19:38:18 +0000
Subject: Be extra paranoid about the length of data returned from
 gethostbyaddr or gethostbyname. Submitted by:	Julian Assange

---
 libexec/mail.local/mail.local.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'libexec/mail.local')

diff --git a/libexec/mail.local/mail.local.c b/libexec/mail.local/mail.local.c
index f324967..5a10c28 100644
--- a/libexec/mail.local/mail.local.c
+++ b/libexec/mail.local/mail.local.c
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: mail.local.c,v 1.13 1997/03/28 15:48:13 imp Exp $
+ *	$Id: mail.local.c,v 1.14 1997/11/13 23:14:34 alex Exp $
  */
 
 #ifndef lint
@@ -370,7 +370,7 @@ notifybiff(msg)
 			return;
 		}
 		addr.sin_family = hp->h_addrtype;
-		memmove(&addr.sin_addr, hp->h_addr, hp->h_length);
+		memmove(&addr.sin_addr, hp->h_addr, MIN(hp->h_length,sizeof(addr.sin_addr)));
 		addr.sin_port = sp->s_port;
 	}
 	if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
-- 
cgit v1.1