Buffer overflow from DNS name information which could cause root access

when called from lpd. Reviewed by: jkh, pst Submitted by: Oliver Friedrichs <oliver@secnet.com>
1997-02-26 06:12:34 +00:00 · 1997-02-26 06:12:34 +00:00 · e4fd3a8bf7
commit e4fd3a8bf7
parent 9b8d4bd38a
1 changed files with 2 additions and 1 deletions
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@ -393,7 +393,8 @@ __ivaliduser(hostf, raddr, luser, ruser)
 	if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
 							AF_INET)) == NULL)
 		return (-1);
-	strcpy(hname, hp->h_name);
+	strncpy(hname, hp->h_name, sizeof(hname));
+	hname[sizeof(hname) - 1] = '\0';

 	while (fgets(buf, sizeof(buf), hostf)) {
 		p = buf;