From 8c96be00ef748f03f9e7f9f5934e7b0d53d1c872 Mon Sep 17 00:00:00 2001
From: imp <imp@FreeBSD.org>
Date: Tue, 9 Jun 1998 04:31:02 +0000
Subject: Don't assume that hp->h_lenght == 4.  Be conservative in its use.
 Submitted by:	 J. Assange a long time ago.

---
 usr.bin/finger/net.c      |  5 +++--
 usr.bin/ftp/ftp.c         | 17 +++++++++--------
 usr.bin/quota/quota.c     |  4 ++--
 usr.bin/rpcinfo/rpcinfo.c | 11 +++++++----
 usr.bin/telnet/commands.c | 17 ++++++++++-------
 usr.bin/tftp/main.c       | 22 ++++++++++++++--------
 6 files changed, 45 insertions(+), 31 deletions(-)

(limited to 'usr.bin')

diff --git a/usr.bin/finger/net.c b/usr.bin/finger/net.c
index 5c4b2f01..7d7b25c 100644
--- a/usr.bin/finger/net.c
+++ b/usr.bin/finger/net.c
@@ -39,11 +39,12 @@
 static char sccsid[] = "@(#)net.c	8.4 (Berkeley) 4/28/95";
 #else
 static const char rcsid[] =
-	"$Id: net.c,v 1.8 1997/07/02 06:34:50 charnier Exp $";
+	"$Id: net.c,v 1.9 1997/08/01 20:10:44 wollman Exp $";
 #endif
 #endif /* not lint */
 
 #include <sys/types.h>
+#include <sys/param.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -96,7 +97,7 @@ netfinger(name)
 		return;
 	}
 	sin.sin_family = hp->h_addrtype;
-	bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
+	bcopy(hp->h_addr, (char *)&sin.sin_addr, MIN(hp->h_length,sizeof(sin.sin_addr)));
 	sin.sin_port = sp->s_port;
 	if ((s = socket(hp->h_addrtype, SOCK_STREAM, 0)) < 0) {
 		perror("finger: socket");
diff --git a/usr.bin/ftp/ftp.c b/usr.bin/ftp/ftp.c
index 305acd1..8d92be24 100644
--- a/usr.bin/ftp/ftp.c
+++ b/usr.bin/ftp/ftp.c
@@ -1,4 +1,4 @@
-/*	$Id: ftp.c,v 1.11 1997/12/13 20:38:17 pst Exp $	*/
+/*	$Id: ftp.c,v 1.12 1997/12/16 08:22:37 ache Exp $	*/
 /*	$NetBSD: ftp.c,v 1.29.2.1 1997/11/18 01:01:04 mellon Exp $	*/
 
 /*
@@ -39,7 +39,7 @@
 #if 0
 static char sccsid[] = "@(#)ftp.c	8.6 (Berkeley) 10/27/94";
 #else
-__RCSID("$Id: ftp.c,v 1.11 1997/12/13 20:38:17 pst Exp $");
+__RCSID("$Id: ftp.c,v 1.12 1997/12/16 08:22:37 ache Exp $");
 __RCSID_SOURCE("$NetBSD: ftp.c,v 1.29.2.1 1997/11/18 01:01:04 mellon Exp $");
 #endif
 #endif /* not lint */
@@ -95,8 +95,7 @@ hookup(host, port)
 	memset((void *)&hisctladdr, 0, sizeof(hisctladdr));
 	if (inet_aton(host, &hisctladdr.sin_addr) != 0) {
 		hisctladdr.sin_family = AF_INET;
-		(void)strncpy(hostnamebuf, host, sizeof(hostnamebuf) - 1);
-		hostnamebuf[sizeof(hostnamebuf) - 1] = '\0';
+		(void) strncpy(hostnamebuf, host, sizeof(hostnamebuf));
 	} else {
 		hp = gethostbyname(host);
 		if (hp == NULL) {
@@ -105,10 +104,11 @@ hookup(host, port)
 			return ((char *) 0);
 		}
 		hisctladdr.sin_family = hp->h_addrtype;
-		memcpy(&hisctladdr.sin_addr, hp->h_addr, hp->h_length);
-		(void)strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf) - 1);
-		hostnamebuf[sizeof(hostnamebuf) - 1] = '\0';
+		memcpy(&hisctladdr.sin_addr, hp->h_addr_list[0], 
+			MIN(hp->h_length,sizeof(hisctladdr.sin_addr)));
+		(void) strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf));
 	}
+	hostnamebuf[sizeof(hostnamebuf) - 1] = '\0';
 	hostname = hostnamebuf;
 	s = socket(hisctladdr.sin_family, SOCK_STREAM, 0);
 	if (s < 0) {
@@ -127,7 +127,8 @@ hookup(host, port)
 			errno = oerrno;
 			warn("connect to address %s", ia);
 			hp->h_addr_list++;
-			memcpy(&hisctladdr.sin_addr, hp->h_addr, hp->h_length);
+			memcpy(&hisctladdr.sin_addr, hp->h_addr_list[0], 
+				MIN(hp->h_length,sizeof(hisctladdr.sin_addr)));
 			printf("Trying %s...\n",
 			    inet_ntoa(hisctladdr.sin_addr));
 			(void)close(s);
diff --git a/usr.bin/quota/quota.c b/usr.bin/quota/quota.c
index e15164a..5081645 100644
--- a/usr.bin/quota/quota.c
+++ b/usr.bin/quota/quota.c
@@ -45,7 +45,7 @@ static const char copyright[] =
 static char sccsid[] = "from: @(#)quota.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id: quota.c,v 1.7 1997/08/04 06:45:11 charnier Exp $";
+	"$Id: quota.c,v 1.8 1998/01/20 12:53:43 bde Exp $";
 #endif /* not lint */
 
 /*
@@ -692,7 +692,7 @@ callaurpc(host, prognum, versnum, procnum, inproc, in, outproc, out)
 		return ((int) RPC_UNKNOWNHOST);
 	timeout.tv_usec = 0;
 	timeout.tv_sec = 6;
-	bcopy(hp->h_addr, &server_addr.sin_addr, hp->h_length);
+	bcopy(hp->h_addr, &server_addr.sin_addr, MIN(hp->h_length,sizeof(server_addr.sin_addr)));
 	server_addr.sin_family = AF_INET;
 	server_addr.sin_port =  0;
 
diff --git a/usr.bin/rpcinfo/rpcinfo.c b/usr.bin/rpcinfo/rpcinfo.c
index d5161d0..f6cae71 100644
--- a/usr.bin/rpcinfo/rpcinfo.c
+++ b/usr.bin/rpcinfo/rpcinfo.c
@@ -2,7 +2,7 @@
 /*static char sccsid[] = "from: @(#)rpcinfo.c 1.22 87/08/12 SMI";*/
 /*static char sccsid[] = "from: @(#)rpcinfo.c	2.2 88/08/11 4.0 RPCSRC";*/
 static char rcsid[] =
-	"$Id: rpcinfo.c,v 1.5 1997/03/29 04:31:57 imp Exp $";
+	"$Id: rpcinfo.c,v 1.6 1997/08/06 06:49:06 charnier Exp $";
 #endif
 
 /*
@@ -52,6 +52,8 @@ static char rcsid[] =
 #include <rpc/pmap_prot.h>
 #include <rpc/pmap_clnt.h>
 #include <signal.h>
+#include <ctype.h>
+#include <sys/param.h>
 
 #define MAXHOSTLEN 256
 
@@ -496,7 +498,7 @@ pmapdump(argc, argv)
 		server_addr.sin_family = AF_INET;
 		if ((hp = gethostbyname("localhost")) != NULL)
 			bcopy(hp->h_addr, (caddr_t)&server_addr.sin_addr,
-			    hp->h_length);
+			    MIN(hp->h_length,sizeof(server_addr.sin_addr)));
 		else
 			server_addr.sin_addr.s_addr = inet_addr("0.0.0.0");
 	}
@@ -653,8 +655,9 @@ get_inet_address(addr, host)
 	addr->sin_addr.s_addr = (u_long) inet_addr(host);
 	if (addr->sin_addr.s_addr == -1 || addr->sin_addr.s_addr == 0) {
 		if ((hp = gethostbyname(host)) == NULL)
-			errx(1, "%s is unknown host", host);
-		bcopy(hp->h_addr, (char *)&addr->sin_addr, hp->h_length);
+			errx(1, "%s is unknown host\n", host);
+		bcopy(hp->h_addr, (char *)&addr->sin_addr, 
+			MIN(hp->h_length,sizeof(addr->sin_addr)));
 	}
 	addr->sin_family = AF_INET;
 }
diff --git a/usr.bin/telnet/commands.c b/usr.bin/telnet/commands.c
index 0d190cb..c3e1f87 100644
--- a/usr.bin/telnet/commands.c
+++ b/usr.bin/telnet/commands.c
@@ -2201,9 +2201,11 @@ tn(argc, argv)
 		sin.sin_family = host->h_addrtype;
 #if	defined(h_addr)		/* In 4.3, this is a #define */
 		memmove((caddr_t)&sin.sin_addr,
-				host->h_addr_list[0], host->h_length);
+				host->h_addr_list[0], 
+				MIN(host->h_length, sizeof(sin.sin_addr)));
 #else	/* defined(h_addr) */
-		memmove((caddr_t)&sin.sin_addr, host->h_addr, host->h_length);
+		memmove((caddr_t)&sin.sin_addr, host->h_addr, 
+				MIN(host->h_length, sizeof(sin.sin_addr)));
 #endif	/* defined(h_addr) */
 		strncpy(_hostname, host->h_name, sizeof(_hostname));
 		_hostname[sizeof(_hostname)-1] = '\0';
@@ -2294,8 +2296,8 @@ tn(argc, argv)
 		errno = oerrno;
 		perror((char *)0);
 		host->h_addr_list++;
-		memcpy((caddr_t)&sin.sin_addr,
-			host->h_addr_list[0], host->h_length);
+		memcpy((caddr_t)&sin.sin_addr, host->h_addr_list[0], 
+				MIN(host->h_length, sizeof(sin.sin_addr)));
 		(void) NetClose(net);
 		continue;
 	    }
@@ -2779,10 +2781,11 @@ sourceroute(arg, cpp, lenp)
 			sin_addr.s_addr = tmp;
 		} else if (host = gethostbyname(cp)) {
 #if	defined(h_addr)
-			memcpy((caddr_t)&sin_addr,
-				host->h_addr_list[0], host->h_length);
+			memcpy((caddr_t)&sin_addr, host->h_addr_list[0], 
+					MIN(host->h_length,sizeof(sin_addr)));
 #else
-			memcpy((caddr_t)&sin_addr, host->h_addr, host->h_length);
+			memcpy((caddr_t)&sin_addr, host->h_addr, 
+					MIN(host->h_length,sizeof(sin_addr)));
 #endif
 		} else {
 			*cpp = cp;
diff --git a/usr.bin/tftp/main.c b/usr.bin/tftp/main.c
index 5c9376d..d767463 100644
--- a/usr.bin/tftp/main.c
+++ b/usr.bin/tftp/main.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)main.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id$";
+	"$Id: main.c,v 1.5 1997/08/14 06:47:39 charnier Exp $";
 #endif /* not lint */
 
 /* Many bug fixes are from Jim Guyton <guyton@rand-unix> */
@@ -54,6 +54,7 @@ static const char rcsid[] =
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/file.h>
+#include <sys/param.h>
 
 #include <netinet/in.h>
 
@@ -204,8 +205,9 @@ setpeer(argc, argv)
 	host = gethostbyname(argv[1]);
 	if (host) {
 		peeraddr.sin_family = host->h_addrtype;
-		bcopy(host->h_addr, &peeraddr.sin_addr, host->h_length);
-		strcpy(hostname, host->h_name);
+		bcopy(host->h_addr, &peeraddr.sin_addr, 
+			MIN(sizeof(peeraddr.sin_addr), host->h_length));
+		strncpy(hostname, host->h_name, sizeof(hostname));
 	} else {
 		peeraddr.sin_family = AF_INET;
 		peeraddr.sin_addr.s_addr = inet_addr(argv[1]);
@@ -214,8 +216,9 @@ setpeer(argc, argv)
 			printf("%s: unknown host\n", argv[1]);
 			return;
 		}
-		strcpy(hostname, argv[1]);
+		strncpy(hostname, argv[1], sizeof(hostname));
 	}
+	hostname[sizeof(hostname) - 1] = '\0';
 	port = sp->s_port;
 	if (argc == 3) {
 		port = atoi(argv[2]);
@@ -348,10 +351,12 @@ put(argc, argv)
 			herror((char *)NULL);
 			return;
 		}
-		bcopy(hp->h_addr, (caddr_t)&peeraddr.sin_addr, hp->h_length);
+		bcopy(hp->h_addr, (caddr_t)&peeraddr.sin_addr, 
+			MIN(sizeof(peeraddr.sin_addr), hp->h_length));
 		peeraddr.sin_family = hp->h_addrtype;
 		connected = 1;
-		strcpy(hostname, hp->h_name);
+		strncpy(hostname, hp->h_name, sizeof(hostname));
+		hostname[sizeof(hostname) - 1] = '\0';
 	}
 	if (!connected) {
 		printf("No target machine specified.\n");
@@ -445,10 +450,11 @@ get(argc, argv)
 				continue;
 			}
 			bcopy(hp->h_addr, (caddr_t)&peeraddr.sin_addr,
-			    hp->h_length);
+			    MIN(sizeof(peeraddr.sin_addr), hp->h_length));
 			peeraddr.sin_family = hp->h_addrtype;
 			connected = 1;
-			strcpy(hostname, hp->h_name);
+			strncpy(hostname, hp->h_name, sizeof(hostname));
+			hostname[sizeof(hostname) - 1] = '\0';
 		}
 		if (argc < 4) {
 			cp = argc == 3 ? argv[2] : tail(src);
-- 
cgit v1.1