freebsd-skq/usr.sbin
Bill Paul 9ecc3726d9 Fix a very stupid heap corruption bug: in ypproc_match_2_svc(), when
we decide to do a DNS lookup, we NUL terminate the key string provided
by the client before passing it into the DNS lookup module. This is
actually wrong. Assume the key is 'foo.com'. In this case, key.keydat_val
will be "foo.com" and key.keydat_len will be 7 (seven characters; the
string is not NUL-terminated so it is not 8 as you might expect).
The string "foo.com" is actually allocated by the XDR routines when the
RPC request is decoded; exactly 7 bytes are allocated. By adding a NUL,
the string becomes "foo.com\0", but the '\0' goes into an 8th byte which
was never allocated for this string and which could be anywhere. The result
is that while the initial request may succeed, we could trash other
dynamically allocated structures (like, oh, I dunno, the circular map
cache queue?) and SEGV later. This is in fact what happens.

The fix is to copy the string into a larger local buffer and NUL-terminate
that buffer instead.

Crash first reported by: Ricky Chan <ricky@come.net.uk>
Bug finally located with: Electric Fence 2.0.5
1997-07-21 17:39:39 +00:00
ac compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
accton Show the real revision date and not the date that this 1997-06-23 04:03:49 +00:00
adduser `cp -r' -> `cp -R' 1997-07-18 12:05:43 +00:00
amd Delay free of mf->mf_mount in uninit_mntfs until it is no longer used. 1997-06-23 22:03:12 +00:00
apm compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
apmconf Use /dev/apm instead of /dev/apm0. 1996-03-18 20:35:17 +00:00
arp Removed inconsistent declaration of malloc(). `make world' with DESTDIR 1997-04-23 10:16:58 +00:00
bad144 Commit the longstanding bin/410 & kern/411 fix, in the hope that somebody 1995-12-01 11:07:01 +00:00
bootparamd Show the real revision date and not the date that this 1997-06-23 04:03:49 +00:00
cdcontrol Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
chown Activate the -h flag which tells chown/chgrp to work on the symlink itself 1997-03-31 13:03:49 +00:00
chroot compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
ckdist ckdist - a handy utility for verifying the sanity of a distribution. 1997-01-21 12:58:53 +00:00
config compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
cron NOSHARED takes a yes/YES no/NO value, not "true, false, hey mon!". 1997-06-29 06:03:42 +00:00
crunch compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
ctm compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
dev_mkdb compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
diskpart Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
edquota Show the real revision date and not the date that this 1997-06-23 04:03:49 +00:00
fdcontrol compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
fdformat Sort cross references. 1997-01-20 00:03:00 +00:00
fdwrite ``it's'' -> ``its'' where appropriate and typo fixes in time2posix.3. 1997-05-19 16:33:27 +00:00
inetd login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
iostat Remove -I/sys and add -I${.CURDIR}/../../sys 1997-07-13 11:51:28 +00:00
IPXrouted Major IPXrouted rework. 1997-07-06 07:38:36 +00:00
kbdcontrol Show the real revision date and not the date that this 1997-06-23 04:03:49 +00:00
kbdmap sysconfig -> rc.conf 1997-05-19 07:30:45 +00:00
kernbb Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
keyadmin This is the `key' program from NRL's IPv6 distribution, heavily 1996-06-17 19:47:57 +00:00
keyserv Correct the section number in the cross-reference for the publickey 1997-06-17 20:24:33 +00:00
kgmon compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
kvm_mkdb compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
lpr Add code to make sure that we don't overflow the buffer that we copy 1997-07-18 18:52:53 +00:00
lptcontrol Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
manctl Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
mixer Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
mkdosfs compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
mount_portalfs compare return value from getopt against -1 rather than EOF, per the final 1997-03-29 03:33:12 +00:00
mountd Merge WebNFS support from NetBSD. 1997-07-16 09:27:53 +00:00
moused compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
mptable Removed SMP_PRIVPAGES from options list. 1997-06-23 20:23:44 +00:00
mrouted NOSHARED takes a yes/YES no/NO value, not "true, false, hey mon!". 1997-06-29 06:03:42 +00:00
mtest Add the one line description of the man page at the top so 1996-12-15 23:02:48 +00:00
mtree Change FTS_PHYSICAL (not follow symlinks but return them) 1997-05-15 08:46:57 +00:00
named Don't override BINOWN and BINGRP by setting them to "bin". Use the 1997-05-17 11:53:03 +00:00
named.reload Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
named.restart Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
natd Suggest using /etc/services entry rather than a 1997-06-24 10:49:44 +00:00
ncrcontrol Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
ndc Check named_enable rather than just named_flags. 1997-06-18 01:55:19 +00:00
newsyslog Show the real revision date and not the date that this 1997-06-23 04:03:49 +00:00
nfsd compare return value from getopt against -1 rather than EOF, per the final 1997-03-29 03:33:12 +00:00
nologin An odd merge from 2.2 to -current. Somehow that 2.2 nologin.5 1997-03-03 06:47:27 +00:00
nslookup Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
pccard The pccard daemon doesn't support the 'class' parameter as stated in the 1997-02-26 15:55:10 +00:00
pciconf Unbreak this file some more: 1997-07-14 19:57:50 +00:00
pcvt NOSHARED takes a yes/YES no/NO value, not "true, false, hey mon!". 1997-06-29 06:03:42 +00:00
pkg_install Add proper md5 comments to ports-installed packages also by 1997-07-04 04:48:02 +00:00
portmap compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
ppp Allow a "hangup" capability. 1997-07-14 01:41:35 +00:00
pppctl Support "host:port" as first arg. 1997-07-12 19:26:49 +00:00
pppd kill the undead 1997-07-13 14:26:00 +00:00
pppstats Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
pstat Previous commit to remove -I/sys broke 'make world', miscfs/union/*.h is 1997-07-15 07:03:00 +00:00
pw getuid() -> geteuid(). 1997-07-17 08:37:47 +00:00
pwd_mkdb Document the -u option. 1997-04-04 00:49:35 +00:00
qcamcontrol compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
quot Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
quotaon compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
rarpd compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
repquota compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
rmt Buffer overflow from OpenBSD: 1997-02-09 05:09:05 +00:00
rndcontrol compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
rpc.lockd Typo fix: ${.DESTDIR} -> ${DESTDIR}. 1997-05-23 08:43:27 +00:00
rpc.statd Typo fix: ${.DESTDIR} -> ${DESTDIR}. 1997-05-23 08:43:27 +00:00
rpc.yppasswdd compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
rpc.ypupdated Clobber unneeded prototypes; in particular, the redeclaration of malloc() 1997-06-06 15:47:57 +00:00
rpc.ypxfrd Back out unnecessary overly-paranoid paranoia test from here too; yp_access() 1997-04-28 14:22:31 +00:00
rtprio Oops, had a couple of extra parens in a couple of lines. 1997-03-07 07:45:17 +00:00
rwhod Sort cross references. 1997-01-20 00:03:00 +00:00
sa Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
sade Repair missing quote. 1997-07-16 15:22:18 +00:00
sendmail Revive this file, it's come back from the dead in the 8.8.x dists. 1997-06-27 15:55:33 +00:00
sgsc Update to work under Lite2 includes 1997-03-11 15:57:44 +00:00
sicontrol Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
sliplogin Add FILES section to manpage. 1997-04-16 09:54:50 +00:00
slstat Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
spkrtest Fix a minor nit in the .Dd macro invocation so that 1997-06-23 04:52:13 +00:00
spray Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
stallion Submitted by: Greg Ungerer <gerg@stallion.oz.au> 1997-03-13 04:21:44 +00:00
sysctl Display tickadj in struct clockinfo. 1997-06-24 18:23:32 +00:00
sysinstall Repair missing quote. 1997-07-16 15:22:18 +00:00
syslogd Nobody ever seemed to be interested in reviewing these changes, and i 1997-05-03 22:17:43 +00:00
tcpdump Update Makefile to build tcpdump-3.3 . 1997-05-27 02:21:28 +00:00
timed Typo: .SH --> .Sh. 1997-05-25 19:11:26 +00:00
traceroute Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
trpt compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
tzsetup Fix a minor nit in the .Dd macro invocation so that 1997-06-23 04:52:13 +00:00
vidcontrol Update to compile under Lite2 includes 1997-03-11 14:25:31 +00:00
vipw compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
vnconfig compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
watch compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
wlconfig Make it build under 3.x 1997-05-23 04:04:17 +00:00
wormcontrol Fix a minor nit in the .Dd macro invocation so that 1997-06-23 04:52:13 +00:00
xntpd Add LC_TIME=C to date 1997-06-30 10:59:25 +00:00
xten Submitted by: Gene Stark, Steve Passe, and Robert Sexton (robert@kudra.com) 1997-06-24 03:21:47 +00:00
yp_mkdb fix a couple typos... 1997-04-15 07:06:15 +00:00
ypbind This commit adds support to ypbind(8) for binding to non-local servers. 1997-05-25 19:49:33 +00:00
yppoll Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
yppush compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
ypserv Fix a very stupid heap corruption bug: in ypproc_match_2_svc(), when 1997-07-21 17:39:39 +00:00
ypset Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
zic compare return value from getopt against -1 rather than EOF, per the final 1997-03-31 05:11:47 +00:00
Makefile Allow command line control of ppp through both 1997-06-28 01:04:54 +00:00
Makefile.inc