svn commit: r299573 - head/usr.sbin/ypbind

Thu May 12 21:35:42 UTC 2016

Author: truckman
Date: Thu May 12 21:35:40 2016
New Revision: 299573
URL: https://svnweb.freebsd.org/changeset/base/299573

Log:
  Use strlcpy() instead of strncpy() when copying to dom_domain to
  ensure that the latter is NUL terminated since it is passed
  as an argument to *printf().
  
  Warn about NIS domains that are too long.
  
  Reported by:	Coverity
  CID:		1009620, 1009621
  MFH:		1 week

Modified:
  head/usr.sbin/ypbind/ypbind.c

Modified: head/usr.sbin/ypbind/ypbind.c
==============================================================================

--- head/usr.sbin/ypbind/ypbind.c	Thu May 12 21:30:22 2016	(r299572)
+++ head/usr.sbin/ypbind/ypbind.c	Thu May 12 21:35:40 2016	(r299573)
@@ -199,6 +199,11 @@ rejecting.", *argp);
 			res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
 			return (&res);
 		}
+		if (strlen(*argp) > YPMAXDOMAIN) {
+			syslog(LOG_WARNING, "domain %s too long", *argp);
+			res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
+			return (&res);
+		}
 		ypdb = malloc(sizeof *ypdb);
 		if (ypdb == NULL) {
 			syslog(LOG_WARNING, "malloc: %m");
@@ -206,7 +211,7 @@ rejecting.", *argp);
 			return (&res);
 		}
 		bzero(ypdb, sizeof *ypdb);
-		strncpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
+		strlcpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
 		ypdb->dom_vers = YPVERS;
 		ypdb->dom_alive = 0;
 		ypdb->dom_default = 0;
@@ -416,6 +421,9 @@ main(int argc, char *argv[])
 			errx(1, "unknown option: %s", argv[i]);
 	}
 
+	if (strlen(domain_name) > YPMAXDOMAIN)
+		warnx("truncating domain name %s", domain_name);
+
 	/* blow away everything in BINDINGDIR (if it exists) */
 
 	if ((dird = opendir(BINDINGDIR)) != NULL) {
@@ -456,7 +464,7 @@ main(int argc, char *argv[])
 	if (ypbindlist == NULL)
 		errx(1, "malloc");
 	bzero(ypbindlist, sizeof *ypbindlist);
-	strncpy(ypbindlist->dom_domain, domain_name, sizeof ypbindlist->dom_domain);
+	strlcpy(ypbindlist->dom_domain, domain_name, sizeof ypbindlist->dom_domain);
 	ypbindlist->dom_vers = YPVERS;
 	ypbindlist->dom_alive = 0;
 	ypbindlist->dom_lockfd = -1;
@@ -886,13 +894,17 @@ rpc_received(char *dom, struct sockaddr_
 	if (ypdb == NULL) {
 		if (force == 0)
 			return;
+		if (strlen(dom) > YPMAXDOMAIN) {
+			syslog(LOG_WARNING, "domain %s too long", dom);
+			return;
+		}
 		ypdb = malloc(sizeof *ypdb);
 		if (ypdb == NULL) {
 			syslog(LOG_WARNING, "malloc: %m");
 			return;
 		}
 		bzero(ypdb, sizeof *ypdb);
-		strncpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
+		strlcpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
 		ypdb->dom_lockfd = -1;
 		ypdb->dom_default = 0;
 		ypdb->dom_pnext = ypbindlist;
