mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-02 12:20:51 +00:00
Code Issues Releases Activity

Use strlcpy() instead of strncpy() when copying to dom_domain to

Browse Source 
ensure that the latter is NUL terminated since it is passed
as an argument to *printf().

Warn about NIS domains that are too long.

Reported by:	Coverity
CID:		1009620, 1009621
MFH:		1 week
This commit is contained in:
Don Lewis 2016-05-12 21:35:40 +00:00
parent 1deb20f631
commit 90abdc2dd7
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=299573
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
usr.sbin/ypbind/ypbind.c
View File

@ -199,6 +199,11 @@ rejecting.", *argp);
res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
return (&res);
}
if (strlen(*argp) > YPMAXDOMAIN) {
syslog(LOG_WARNING, "domain %s too long", *argp);
res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
return (&res);
}
ypdb = malloc(sizeof *ypdb);
if (ypdb == NULL) {
syslog(LOG_WARNING, "malloc: %m");
@ -206,7 +211,7 @@ rejecting.", *argp);
return (&res);
}
bzero(ypdb, sizeof *ypdb);
strncpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
strlcpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
ypdb->dom_vers = YPVERS;
ypdb->dom_alive = 0;
ypdb->dom_default = 0;
@ -416,6 +421,9 @@ main(int argc, char *argv[])
errx(1, "unknown option: %s", argv[i]);
}
if (strlen(domain_name) > YPMAXDOMAIN)
warnx("truncating domain name %s", domain_name);
/* blow away everything in BINDINGDIR (if it exists) */
if ((dird = opendir(BINDINGDIR)) != NULL) {
@ -456,7 +464,7 @@ main(int argc, char *argv[])
if (ypbindlist == NULL)
errx(1, "malloc");
bzero(ypbindlist, sizeof *ypbindlist);
strncpy(ypbindlist->dom_domain, domain_name, sizeof ypbindlist->dom_domain);
strlcpy(ypbindlist->dom_domain, domain_name, sizeof ypbindlist->dom_domain);
ypbindlist->dom_vers = YPVERS;
ypbindlist->dom_alive = 0;
ypbindlist->dom_lockfd = -1;
@ -886,13 +894,17 @@ rpc_received(char *dom, struct sockaddr_in *raddrp, int force)
if (ypdb == NULL) {
if (force == 0)
return;
if (strlen(dom) > YPMAXDOMAIN) {
syslog(LOG_WARNING, "domain %s too long", dom);
return;
}
ypdb = malloc(sizeof *ypdb);
if (ypdb == NULL) {
syslog(LOG_WARNING, "malloc: %m");
return;
}
bzero(ypdb, sizeof *ypdb);
strncpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
strlcpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
ypdb->dom_lockfd = -1;
ypdb->dom_default = 0;
ypdb->dom_pnext = ypbindlist;