httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dgau...@hyperreal.org
Subject cvs commit: apachen/src/support logresolve.c
Date Tue, 20 Jan 1998 01:44:43 GMT
dgaudet     98/01/19 17:44:43

  Modified:    src/support logresolve.c
  Log:
  SECURITY: Fix a possible buffer overflow in logresolve.  This is
  only an issue on systems without a MAXDNAME define or where the
  resolver returns domain names longer than MAXDNAME.
  
  Reviewed by:    Martin Kraemer, Mark J Cox, Dean Gaudet, Randy Terbush
  
  Revision  Changes    Path
  1.9       +3 -1      apachen/src/support/logresolve.c
  
  Index: logresolve.c
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/support/logresolve.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- logresolve.c	1997/09/14 22:48:09	1.8
  +++ logresolve.c	1998/01/20 01:44:42	1.9
  @@ -194,7 +194,9 @@
       else
   	cachehits++;
   
  -    strcpy(string, (*current)->hostname);
  +    /* size of string == MAXDNAME +1 */
  +    strncpy(string, (*current)->hostname, MAXDNAME);
  +    string[MAXDNAME] = '\0';
   }
   
   /*
  
  
  

Mime
View raw message