From e4fd3a8bf766094c56e30b800b04980f0e2fcf79 Mon Sep 17 00:00:00 2001
From: imp <imp@FreeBSD.org>
Date: Wed, 26 Feb 1997 06:12:34 +0000
Subject: [PATCH] Buffer overflow from DNS name information which could cause
 root access when called from lpd.

Reviewed by:	jkh, pst
Submitted by:	Oliver Friedrichs <oliver@secnet.com>
---
 lib/libc/net/rcmd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c
index 0aa99c37d970..ff108d9d03d4 100644
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@@ -393,7 +393,8 @@ __ivaliduser(hostf, raddr, luser, ruser)
 	if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
 							AF_INET)) == NULL)
 		return (-1);
-	strcpy(hname, hp->h_name);
+	strncpy(hname, hp->h_name, sizeof(hname));
+	hname[sizeof(hname) - 1] = '\0';
 
 	while (fgets(buf, sizeof(buf), hostf)) {
 		p = buf;