Add code to make sure that we don't overflow the buffer that we copy

the hostname into. In theory the bind library should do this, but in practice the limites between system defines and bind defines make an attack using this vector possible. These patches have been in use on my systems for three months now, so I am fairly confident about them. I plan on commiting this to 2.2 and 2.1 in the near future, as well as many other patches of this nature.
svn path=/head/; revision=27511
2025-01-22 16:44:32 +01:00 · 1997-07-18 18:52:53 +00:00 · 1997-07-18 18:52:53 +00:00 · eb6c72e98f · 2020-12-20 02:59:44 +00:00
commit eb6c72e98f
parent fb9108baa9
1 changed files with 4 additions and 1 deletions
--- a/usr.sbin/lpr/common_source/common.c
+++ b/usr.sbin/lpr/common_source/common.c
@ -307,7 +307,10 @@ checkremote()
 			"unable to get official name for local machine %s",
 			name);
 		    return errbuf;
-		} else (void) strcpy(name, hp->h_name);
+		} else {
+		    (void) strncpy(name, hp->h_name, sizeof(name));
+		    name[sizeof(name) - 1] = '\0';
+		}

 		/* get the official name of RM */
 		hp = gethostbyname(RM);