Author: truckman
Date: Thu May 12 21:35:40 2016
New Revision: 299573
URL: https://svnweb.freebsd.org/changeset/base/299573

Log:
  Use strlcpy() instead of strncpy() when copying to dom_domain to
  ensure that the latter is NUL terminated since it is passed
  as an argument to *printf().
  
  Warn about NIS domains that are too long.
  
  Reported by:  Coverity
  CID:          1009620, 1009621
  MFH:          1 week

Modified:
  head/usr.sbin/ypbind/ypbind.c

Modified: head/usr.sbin/ypbind/ypbind.c
==============================================================================
--- head/usr.sbin/ypbind/ypbind.c       Thu May 12 21:30:22 2016        
(r299572)
+++ head/usr.sbin/ypbind/ypbind.c       Thu May 12 21:35:40 2016        
(r299573)
@@ -199,6 +199,11 @@ rejecting.", *argp);
                        res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
                        return (&res);
                }
+               if (strlen(*argp) > YPMAXDOMAIN) {
+                       syslog(LOG_WARNING, "domain %s too long", *argp);
+                       res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
+                       return (&res);
+               }
                ypdb = malloc(sizeof *ypdb);
                if (ypdb == NULL) {
                        syslog(LOG_WARNING, "malloc: %m");
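Review bot: The `syslog()` call added in the length check writes the whole over-long `*argp` into the log, and that string appears to come from the RPC request. Unless the transport layer already bounds it (not visible here), a client can produce arbitrarily large log entries just by sending a long domain name. Capping the logged text keeps the warning useful without echoing the full input, e.g. `syslog(LOG_WARNING, "domain %.*s... too long", (int)YPMAXDOMAIN, *argp);`. The same applies to the matching warning added in `rpc_received()`. Reusing `YPBIND_ERR_RESC` also makes a rejected argument look like resource exhaustion to the caller, so a one-line comment saying this is intentional would help. The enclosing function starts and ends outside the hunk.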
@@ -206,7 +211,7 @@ rejecting.", *argp);
                        return (&res);
                }
                bzero(ypdb, sizeof *ypdb);
-               strncpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
+               strlcpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
                ypdb->dom_vers = YPVERS;
                ypdb->dom_alive = 0;
                ypdb->dom_default = 0;
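Review bot: The `strlcpy()` return value is discarded, so this copy is only safe from silent truncation if the earlier `strlen(*argp) > YPMAXDOMAIN` guard matches the size of `dom_domain`, which is declared outside this diff. If that array were ever smaller than `YPMAXDOMAIN + 1`, a shortened name, and therefore a different domain string, would be stored without any warning. Testing the result, `if (strlcpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain) >= sizeof ypdb->dom_domain)`, and freeing `ypdb` on that path would tie the two bounds together, as would a static assertion on the array size. The same pattern appears in the `main()` and `rpc_received()` copies.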
@@ -416,6 +421,9 @@ main(int argc, char *argv[])
                        errx(1, "unknown option: %s", argv[i]);
        }
 
+       if (strlen(domain_name) > YPMAXDOMAIN)
+               warnx("truncating domain name %s", domain_name);
+
        /* blow away everything in BINDINGDIR (if it exists) */
 
        if ((dird = opendir(BINDINGDIR)) != NULL) {
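Review bot: An over-long `domain_name` only triggers `warnx()` here and start-up continues, whereas the two RPC paths in this commit reject such names outright. After the later `strlcpy()` into `ypbindlist->dom_domain` the daemon would hold a truncated name, which is a different NIS domain from the one configured. Exiting instead, `errx(1, "domain name %s too long", domain_name);`, would keep the behaviour consistent and avoid binding under an unintended name. Whether other code keeps using the untruncated `domain_name` is not visible in this hunk, and `main()` starts and ends outside it.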
@@ -456,7 +464,7 @@ main(int argc, char *argv[])
        if (ypbindlist == NULL)
                errx(1, "malloc");
        bzero(ypbindlist, sizeof *ypbindlist);
-       strncpy(ypbindlist->dom_domain, domain_name, sizeof 
ypbindlist->dom_domain);
+       strlcpy(ypbindlist->dom_domain, domain_name, sizeof 
ypbindlist->dom_domain);
        ypbindlist->dom_vers = YPVERS;
        ypbindlist->dom_alive = 0;
        ypbindlist->dom_lockfd = -1;
@@ -886,13 +894,17 @@ rpc_received(char *dom, struct sockaddr_
        if (ypdb == NULL) {
                if (force == 0)
                        return;
+               if (strlen(dom) > YPMAXDOMAIN) {
+                       syslog(LOG_WARNING, "domain %s too long", dom);
+                       return;
+               }
                ypdb = malloc(sizeof *ypdb);
                if (ypdb == NULL) {
                        syslog(LOG_WARNING, "malloc: %m");
                        return;
                }
                bzero(ypdb, sizeof *ypdb);
-               strncpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
+               strlcpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
                ypdb->dom_lockfd = -1;
                ypdb->dom_default = 0;
                ypdb->dom_pnext = ypbindlist;