926ea2c6c1
* bump NEED_VERSION * security fix: buffer overflow in DNS resolver * includes other bugfixes * some strcpy/strncpy/sprintf calls changed to strlcpy/snprintf
$OpenBSD: patch-dns_resolv_c,v 1.3 2002/04/17 16:17:45 danh Exp $
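--- a/dns_resolv.c
+++ b/dns_resolv.c
@@ -153,7 +153,7 @@ void resolve_dns(struct log_struct *log_
 case 0:
 {
 memcpy(&alignedRecord, response.data, sizeof(struct dnsRecord));
-strncpy (log_rec->hostname,
+strlcpy (log_rec->hostname,
 ((struct dnsRecord *)response.data)->hostName,
 MAXHOST);
 log_rec->hostname[MAXHOST]=0;
@@ -263,7 +263,7 @@ int dns_resolver(void *log_fp)
 continue; /* go get next record if any */
 }
 
-strcpy(tmp_buf, buffer); /* save buffer in case of error */
+strlcpy(tmp_buf, buffer, sizeof tmp_buf); /* save buffer in case of error */
 if(parse_record(buffer)) /* parse the record */
 {
 if((log_rec.addr.s_addr = inet_addr(log_rec.hostname)) != INADDR_NONE)
@@ -446,8 +446,8 @@ static void process_list(DNODEPTR l_list
 
 /* If long hostname, take max domain name part */
 if ((size = strlen(res_ent->h_name)) > MAXHOST-2)
-strcpy(child_buf,(res_ent->h_name+(size-MAXHOST+1)));
-else strcpy(child_buf, res_ent->h_name);
+strlcpy(child_buf,(res_ent->h_name+(size-MAXHOST+1)),sizeof child_buf);
+else strlcpy(child_buf, res_ent->h_name, sizeof child_buf);
 size = strlen(child_buf);
 }
 else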
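Review bot: In the first hunk (resolve_dns) the switch to `strlcpy` changes the read side as well as the write side: `strlcpy` walks `hostName` to its terminating NUL to compute its return value, while the `strncpy` it replaces read at most MAXHOST bytes, so a cached record whose name is not NUL-terminated inside `response.data` is now read past its end. Nothing visible in the hunk checks the record's length or termination before the copy, though the lookup and the definition of `struct dnsRecord` are outside the hunk, so this may be enforced elsewhere. I would reject a record with no NUL inside the length the lookup returned before this call, or at least state the assumption in a comment such as `/* hostName must be NUL-terminated within the record: strlcpy reads to the NUL */`. Separately, `sizeof tmp_buf` and `sizeof child_buf` in the other two hunks give the intended bound only if both are arrays declared in scope rather than pointers; their declarations are not shown.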