[894] in Zephyr_Bugs
fixes for buffer overflows in zephyr library
daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Sun Sep 14 20:26:13 1997
From: <mhpower@MIT.EDU>
To: bugs@MIT.EDU, zephyr-bugs@MIT.EDU, sipb-athena-bugs@MIT.EDU
Date: Sun, 14 Sep 1997 20:26:09 EDT
The patches are relative to source in /mit/zephyr/src/lib/zephyr
Matt
*** ZLocations.c.old Wed Jun 12 00:45:27 1996
--- ZLocations.c Sun Sep 14 20:08:28 1997
***************
*** 40,43 ****
hent = gethostbyname(host);
! if (hent)
! (void) strcpy(host, hent->h_name);
}
--- 40,45 ----
hent = gethostbyname(host);
! if (hent) {
! (void) strncpy(host, hent->h_name, sizeof(host));
! host[sizeof(host) - 1] = '\0';
! }
}
*** Zinternal.c.old Tue Jul 18 16:28:17 1995
--- Zinternal.c Sun Sep 14 20:02:23 1997
***************
*** 743,744 ****
--- 743,747 ----
else {
+ if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
+ sizeof(newrecip))
+ return (ZERR_HEADERLEN);
(void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
