From owner-freebsd-audit Tue Jan 30 20: 1:42 2001 Delivered-To: freebsd-audit@freebsd.org Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.161.193]) by hub.freebsd.org (Postfix) with ESMTP id 4B6A737B6B0 for ; Tue, 30 Jan 2001 20:01:24 -0800 (PST) Received: from mail.vt.edu (gkar.cc.vt.edu [198.82.161.190]) by lennier.cc.vt.edu (8.11.0/8.11.0) with ESMTP id f0V41Nu343787 for ; Tue, 30 Jan 2001 23:01:23 -0500 (EST) Received: from enterprise.muriel.penguinpowered.com ([198.82.100.151]) by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10) with ESMTP id <0G8000KE9DU9MT@gkar.cc.vt.edu> for FreeBSD-audit@freebsd.org; Tue, 30 Jan 2001 23:01:21 -0500 (EST) Date: Tue, 30 Jan 2001 23:01:21 -0500 (EST) From: Mike Heffner Subject: patch for libc/net/hesiod.c To: FreeBSD-audit Message-id: MIME-version: 1.0 X-Mailer: XFMail 1.4.6-3 on FreeBSD Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 8bit X-Priority: 3 (Normal) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This patch fixes some string overflow issues in the hesiod(3) functions in libc. Reviews? Index: hesiod.c =================================================================== RCS file: /home/ncvs/src/lib/libc/net/hesiod.c,v retrieving revision 1.3 diff -u -r1.3 hesiod.c --- hesiod.c 2000/09/30 17:29:54 1.3 +++ hesiod.c 2001/01/31 03:13:37 @@ -162,7 +162,7 @@ const char *rhs; int len; - strcpy(bindname, name); + strlcpy(bindname, name, sizeof(bindname)); /* * Find the right right hand side to use, possibly 
@@ -197,17 +197,17 @@ return NULL; } /* Put together the rest of the domain. */ - strcat(bindname, "."); - strcat(bindname, type); + strlcat(bindname, ".", sizeof(bindname)); + strlcat(bindname, type, sizeof(bindname)); /* Only append lhs if it isn't empty. */ if (ctx->lhs && ctx->lhs[0] != '\0' ) { if (ctx->lhs[0] != '.') - strcat(bindname, "."); - strcat(bindname, ctx->lhs); + strlcat(bindname, ".", sizeof(bindname)); + strlcat(bindname, ctx->lhs, sizeof(bindname)); } if (rhs[0] != '.') - strcat(bindname, "."); - strcat(bindname, rhs); + strlcat(bindname, ".", sizeof(bindname)); + strlcat(bindname, rhs, sizeof(bindname)); /* rhs_list is no longer needed, since we're done with rhs. */ if (rhs_list) -- Mike Heffner Blacksburg, VA ICQ# 882073 http://filebox.vt.edu/users/mheffner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
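Review bot: In the first hunk (@@ -162,7 +162,7 @@) the result of `strlcpy(bindname, name, sizeof(bindname));` is discarded, so an over-long name is now silently truncated instead of overflowing, and the function goes on to build a bind name from a different string than the caller passed. strlcpy returns the length of the source string, so compare it with sizeof(bindname) and fail the call when it is greater than or equal, rather than continuing with the shortened name. The declaration of bindname is not visible in this hunk: sizeof(bindname) is only the right bound if bindname is a local array, so please confirm it is not a pointer or a parameter.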
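Review bot: In the second hunk (@@ -197,17 +197,17 @@) none of the eight strlcat() calls has its return value checked, so if type, ctx->lhs or rhs pushes the result past sizeof(bindname), the code continues with a truncated domain and the caller gets back a name that differs from the one it requested. Either check each return value against sizeof(bindname), or total the component lengths before the first append and bail out early. Any early return added here sits before the `if (rhs_list)` cleanup shown in the trailing context, so the error path has to release rhs_list as well before it does the same `return NULL;` as the existing failure branch above.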