From 887f1b959bf9f23a3fe49ec50ae1be5849ec31ed Mon Sep 17 00:00:00 2001 From: imp Date: Tue, 9 Jun 1998 05:06:27 +0000 Subject: If we get back too much data to fit in result, return NULL. This avoids a buffer overflow, but might negatively impact those hosts who have enough aliases to fill MAXHOSTNAMELEN * 2 characters in them. Good candidate for merging back into -stable. Lightly tested by me, but it came from OpenBSD a while ago. Obtained from: OpenBSD --- usr.sbin/ypserv/yp_dnslookup.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'usr.sbin/ypserv') diff --git a/usr.sbin/ypserv/yp_dnslookup.c b/usr.sbin/ypserv/yp_dnslookup.c index f29750d..3ed3274 100644 --- a/usr.sbin/ypserv/yp_dnslookup.c +++ b/usr.sbin/ypserv/yp_dnslookup.c @@ -32,7 +32,7 @@ #ifndef lint static const char rcsid[] = - "$Id$"; + "$Id: yp_dnslookup.c,v 1.13 1997/10/29 07:25:02 charnier Exp $"; #endif /* not lint */ /* @@ -79,6 +79,10 @@ static char *parse(hp) len = 16 + strlen(hp->h_name); for (i = 0; hp->h_aliases[i]; i++) len += strlen(hp->h_aliases[i]) + 1; + len++; + + if (len > sizeof(result)) + return(NULL); bzero(result, sizeof(result)); -- cgit v1.1