dgaudet 98/01/19 17:44:43
Modified: src/support logresolve.c Log: SECURITY: Fix a possible buffer overflow in logresolve. This is only an issue on systems without a MAXDNAME define or where the resolver returns domain names longer than MAXDNAME. Reviewed by: Martin Kraemer, Mark J Cox, Dean Gaudet, Randy Terbush Revision Changes Path 1.9 +3 -1 apachen/src/support/logresolve.c Index: logresolve.c =================================================================== RCS file: /export/home/cvs/apachen/src/support/logresolve.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- logresolve.c 1997/09/14 22:48:09 1.8 +++ logresolve.c 1998/01/20 01:44:42 1.9 @@ -194,7 +194,9 @@ else cachehits++; - strcpy(string, (*current)->hostname); + /* size of string == MAXDNAME +1 */ + strncpy(string, (*current)->hostname, MAXDNAME); + string[MAXDNAME] = '\0'; } /*