From 471595b02cb6f82eabf21a63dcb354516fd4567a Mon Sep 17 00:00:00 2001 From: Warner Losh Date: Fri, 1 Nov 1996 06:29:34 +0000 Subject: [PATCH] Fix minor buffer problems: Off by one in verify allowed one to march one byte off the end of wd.wd_hostname if wd.wd_hostname had no NUL characters in it. strncpy of myname into mywd used the source buffer's length, rather than the dest. --- usr.sbin/rwhod/rwhod.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr.sbin/rwhod/rwhod.c b/usr.sbin/rwhod/rwhod.c index c5605e2e48a..4aa54984110 100644 --- a/usr.sbin/rwhod/rwhod.c +++ b/usr.sbin/rwhod/rwhod.c @@ -223,7 +223,8 @@ usage: fprintf(stderr, "usage: rwhod [ -m [ ttl ] ]\n"); } if ((cp = index(myname, '.')) != NULL) *cp = '\0'; - strncpy(mywd.wd_hostname, myname, sizeof(myname) - 1); + strncpy(mywd.wd_hostname, myname, sizeof(mywd.wd_hostname) - 1); + mywd.wd_hostname[sizeof(mywd.wd_hostname) - 1] = '\0'; utmpf = open(_PATH_UTMP, O_RDONLY|O_CREAT, 0644); if (utmpf < 0) { syslog(LOG_ERR, "%s: %m", _PATH_UTMP); @@ -351,7 +352,7 @@ verify(name, maxlen) { register int size = 0; - while (*name && size < maxlen) { + while (*name && size < maxlen - 1) { if (!isascii(*name) || !(isalnum(*name) || ispunct(*name))) return (0); name++, size++; -- 2.45.2