svn commit: r327619 - head/lib/libc/net
Warner Losh
imp at FreeBSD.org
Sat Jan 6 12:46:06 UTC 2018
Author: imp
Date: Sat Jan 6 12:46:04 2018
New Revision: 327619
URL: https://svnweb.freebsd.org/changeset/base/327619
Log:
The source strings are from the password database which guarantees
that the data going into it is sane. Out of an abundance of caution,
limit the string copies to prevent an overflow.
CID: 1019035
Modified:
head/lib/libc/net/rcmd.c
Modified: head/lib/libc/net/rcmd.c
==============================================================================
--- head/lib/libc/net/rcmd.c Sat Jan 6 12:45:59 2018 (r327618)
+++ head/lib/libc/net/rcmd.c Sat Jan 6 12:46:04 2018 (r327619)
@@ -457,8 +457,8 @@ again:
first = 0;
if ((pwd = getpwnam(luser)) == NULL)
return (-1);
- (void)strcpy(pbuf, pwd->pw_dir);
- (void)strcat(pbuf, "/.rhosts");
+ (void)strlcpy(pbuf, pwd->pw_dir, sizeof(pbuf));
+ (void)strlcat(pbuf, "/.rhosts", sizeof(pbuf));
/*
* Change effective uid while opening .rhosts. If root and
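Review bot: the return values of strlcpy() and strlcat() on the two added lines are discarded with (void), so truncation is silent. If pwd->pw_dir plus "/.rhosts" does not fit in pbuf, the copy no longer overflows, but the code that follows (the comment mentions opening .rhosts, with a change of effective uid) would work on a shortened path that is not the user's .rhosts file. Consider treating truncation as a failure, in the same way as the getpwnam() check just above, for example: if (strlcat(pbuf, "/.rhosts", sizeof(pbuf)) >= sizeof(pbuf)) return (-1); Also note that sizeof(pbuf) is the correct bound only if pbuf is an array in this scope; its declaration is outside the hunk, so that is worth confirming.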