diff options
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | fake-getnameinfo.c | 10 |
2 files changed, 8 insertions, 6 deletions
@@ -1,6 +1,8 @@ | |||
1 | 20000926 | 1 | 20000926 |
2 | - (djm) Update X11-askpass to 1.0.2 in RPM spec file | 2 | - (djm) Update X11-askpass to 1.0.2 in RPM spec file |
3 | - (djm) Define _REENTRANT | 3 | - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX |
4 | - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c. | ||
5 | Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> | ||
4 | 6 | ||
5 | 20000924 | 7 | 20000924 |
6 | - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net> | 8 | - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net> |
diff --git a/fake-getnameinfo.c b/fake-getnameinfo.c index 867cf90b5..7b0098158 100644 --- a/fake-getnameinfo.c +++ b/fake-getnameinfo.c | |||
@@ -25,15 +25,15 @@ int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, | |||
25 | if (strlen(tmpserv) > servlen) | 25 | if (strlen(tmpserv) > servlen) |
26 | return EAI_MEMORY; | 26 | return EAI_MEMORY; |
27 | else | 27 | else |
28 | strcpy(serv, tmpserv); | 28 | strlcpy(serv, tmpserv, servlen); |
29 | } | 29 | } |
30 | 30 | ||
31 | if (host) { | 31 | if (host) { |
32 | if (flags & NI_NUMERICHOST) { | 32 | if (flags & NI_NUMERICHOST) { |
33 | if (strlen(inet_ntoa(sin->sin_addr)) > hostlen) | 33 | if (strlen(inet_ntoa(sin->sin_addr)) >= hostlen) |
34 | return EAI_MEMORY; | 34 | return EAI_MEMORY; |
35 | 35 | ||
36 | strcpy(host, inet_ntoa(sin->sin_addr)); | 36 | strlcpy(host, inet_ntoa(sin->sin_addr), hostlen); |
37 | return 0; | 37 | return 0; |
38 | } else { | 38 | } else { |
39 | hp = gethostbyaddr((char *)&sin->sin_addr, | 39 | hp = gethostbyaddr((char *)&sin->sin_addr, |
@@ -41,10 +41,10 @@ int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, | |||
41 | if (hp == NULL) | 41 | if (hp == NULL) |
42 | return EAI_NODATA; | 42 | return EAI_NODATA; |
43 | 43 | ||
44 | if (strlen(hp->h_name) > hostlen) | 44 | if (strlen(hp->h_name) >= hostlen) |
45 | return EAI_MEMORY; | 45 | return EAI_MEMORY; |
46 | 46 | ||
47 | strcpy(host, hp->h_name); | 47 | strlcpy(host, hp->h_name, hostlen); |
48 | return 0; | 48 | return 0; |
49 | } | 49 | } |
50 | } | 50 | } |