Date:      Fri, 09 Mar 2001 22:04:32 +0000
From:      Brian Somers <brian@Awfulhak.org>
To:        Warner Losh <imp@harmony.village.org>
Cc:        Brian Somers <brian@Awfulhak.org>, freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG, brian@Awfulhak.org
Subject:   Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix 
Message-ID:  <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org>
In-Reply-To: Message from Warner Losh <imp@harmony.village.org>  of "Fri, 09 Mar 2001 14:38:08 MST." <200103092138.f29Lc8I10799@harmony.village.org> 

> In message <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Brian Somers writes:
> : Eivind has some patches in the pipeline here to return errors rather 
> : than truncating host names, so it was his work that found the actual 
> : overrun....  I figured I'd commit this and possibly ask for an MFC 
> : RSN so that we get this fixed for the -stable release.
> : 
> : Ta.
> : -- 
> : Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
> :       <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
> : Don't _EVER_ lose your sense of humour !
> : 
> : Index: realhostname.c
> : ===================================================================
> : RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v
> : retrieving revision 1.10
> : diff -u -r1.10 realhostname.c
> : --- realhostname.c	2001/01/28 21:51:25	1.10
> : +++ realhostname.c	2001/03/09 21:12:01
> : @@ -52,7 +52,7 @@
> :  int
> :  realhostname(char *host, size_t hsize, const struct in_addr *ip)
> :  {
> : -	char trimmed[MAXHOSTNAMELEN+1];
> : +	char trimmed[MAXHOSTNAMELEN];
> :  	int result;
> :  	struct hostent *hp;
> :  
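Review bot: shrinking trimmed from MAXHOSTNAMELEN+1 to MAXHOSTNAMELEN bytes in the declaration at the top of realhostname() is only safe if every later write into it is bounded by sizeof(trimmed) and leaves room for the terminating NUL, and none of those writes are visible in this hunk. Suggest a short comment on the declaration stating whether MAXHOSTNAMELEN already counts the terminator, and a check that no remaining copy into trimmed still uses a MAXHOSTNAMELEN+1 or other hard-coded length.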
> : @@ -136,15 +136,15 @@
> :  						freeaddrinfo(ores);
> :  						goto numeric;
> :  					}
> : -					strncpy(buf, ores->ai_canonname,
> : +					strlcpy(buf, ores->ai_canonname,
> :  						sizeof(buf));
> :  					trimdomain(buf, hsize);
> : -					strncpy(host, buf, hsize);
> : -					if (strlen(host) > hsize &&
> : +					if (strlen(buf) > hsize &&
> :  					    addr->sa_family == AF_INET) {
> :  						freeaddrinfo(ores);
> :  						goto numeric;
> :  					}
> : +					strncpy(host, buf, hsize);
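Review bot: the fallback at "if (strlen(buf) > hsize && addr->sa_family == AF_INET)" only fires for AF_INET, so for any other family a buf longer than hsize falls through to strncpy(host, buf, hsize) and host is cut at hsize bytes with no terminating NUL. If that is intended, a comment saying host is a fixed-width field that is left unterminated when full would help callers; separately, the return value of strlcpy(buf, ores->ai_canonname, sizeof(buf)) is not checked, so a canonical name truncated into buf is not distinguished from one that fit.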
> 
> Should likely use strlcpy.

The returned string (host) is not meant to be terminated if the host 
fits exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...).

> Warner

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
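
The fixed-width contract described in the reply above (host is left unterminated when the name fits exactly) means callers must read the field with an explicit bound. The following is an added example, not code from this message or from FreeBSD; field_store, field_load, FIELD_SIZE and the host name are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 16	/* constructed stand-in for UT_HOSTSIZE */

/*
 * Hypothetical helper: store name in a fixed-width field the way the
 * patched code does. Returns -1 if the name is longer than the field
 * (a caller would fall back to a numeric address), 0 otherwise.
 * On an exact fit the field holds no terminating NUL.
 */
static int
field_store(char *field, size_t fsize, const char *name)
{
	if (strlen(name) > fsize)
		return (-1);
	strncpy(field, name, fsize);	/* NUL-pads short names only */
	return (0);
}

/*
 * Hypothetical helper: copy a possibly unterminated field into a C
 * string. Never reads past fsize bytes and always terminates out.
 * Returns the length of the name, or -1 if out is too small.
 */
static int
field_load(char *out, size_t outsize, const char *field, size_t fsize)
{
	const char *nul = memchr(field, '\0', fsize);
	size_t len = nul != NULL ? (size_t)(nul - field) : fsize;

	if (len >= outsize)
		return (-1);
	memcpy(out, field, len);
	out[len] = '\0';
	return ((int)len);
}

int
main(void)
{
	char field[FIELD_SIZE], out[FIELD_SIZE + 1];

	/* Constructed 16-byte name: fills the field exactly. */
	field_store(field, sizeof(field), "host16.example.n");
	printf("%d %s\n", field_load(out, sizeof(out), field, sizeof(field)), out);
	/* Bounded print straight from the field, without a copy. */
	printf("%.*s\n", (int)sizeof(field), field);
	return (0);
}
```

Calling strlen() or printf("%s") directly on such a field reads past its end whenever the name fills it exactly.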