dgaudet 98/01/19 17:44:43
Modified: src/support logresolve.c
Log:
SECURITY: Fix a possible buffer overflow in logresolve. This is
only an issue on systems without a MAXDNAME define or where the
resolver returns domain names longer than MAXDNAME.
Reviewed by: Martin Kraemer, Mark J Cox, Dean Gaudet, Randy Terbush
Revision Changes Path
1.9 +3 -1 apachen/src/support/logresolve.c
Index: logresolve.c
===================================================================
RCS file: /export/home/cvs/apachen/src/support/logresolve.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- logresolve.c 1997/09/14 22:48:09 1.8
+++ logresolve.c 1998/01/20 01:44:42 1.9
@@ -194,7 +194,9 @@
else
cachehits++;
- strcpy(string, (*current)->hostname);
+ /* size of string == MAXDNAME +1 */
+ strncpy(string, (*current)->hostname, MAXDNAME);
+ string[MAXDNAME] = '\0';
}
/*
