If we get back too much data to fit in result, return NULL. This avoids

a buffer overflow, but might negatively impact those hosts who have enough aliases to fill MAXHOSTNAMELEN * 2 characters in them. Good candidate for merging back into -stable. Lightly tested by me, but it came from OpenBSD a while ago. Obtained from: OpenBSD
svn path=/head/; revision=36797
1998-06-09 05:06:27 +00:00 · 1998-06-09 05:06:27 +00:00 · 67d3ec9a0f · 2020-12-20 02:59:44 +00:00
commit 67d3ec9a0f
parent d944ccabfc
1 changed files with 5 additions and 1 deletions
--- a/usr.sbin/ypserv/yp_dnslookup.c
+++ b/usr.sbin/ypserv/yp_dnslookup.c
@ -32,7 +32,7 @@

 #ifndef lint
 static const char rcsid[] =
-	"$Id$";
+	"$Id: yp_dnslookup.c,v 1.13 1997/10/29 07:25:02 charnier Exp $";
 #endif /* not lint */

 /*
@ -79,6 +79,10 @@ static char *parse(hp)
 	len = 16 + strlen(hp->h_name);
 	for (i = 0; hp->h_aliases[i]; i++)
 		len += strlen(hp->h_aliases[i]) + 1;
+	len++;
+
+	if (len > sizeof(result))
+		return(NULL);

 	bzero(result, sizeof(result));