[381] in Hesiod
Hesiod 3.0.2 Bug
daemon@ATHENA.MIT.EDU (Manuel Guesdon)
Fri Oct 30 08:45:43 1998
Date: Fri, 30 Oct 1998 13:22:13 +0000 ( )
To: hesiod@MIT.EDU
From: Manuel Guesdon <mguesdon@sbuilders.com>
Reply-To: mguesdon@sbuilders.com
Hi all,
I use hesiod 3.0.2 and I think I found a bug in hesiod_getservbyname function:
if you pass a @host part for name parameter,
serv->s_name = malloc(strlen(servicename) + strlen(proto)+ strlen(p) + 3);
don't allocate enough memory ( strlen(servicename)<strlen(name) ) for copying (strcpy(serv->s_name,
name);)
So it crash at least in the hesiod_free_servent function.
Exemple:
kerberos HS TXT "kerberos;udp;750"
When we call hesiod_getservbyname(context,"kerberos@sbuilders.com","udp")
strlen(servicename) will be 8 (strlen("kerberos))
but hesiod_getservbyname copy "kerberos@test.sbuilders.com" in this 8 characters :-(
It is a known bug ? Is there a patch ?
A solution could be to strcpy(serv->s_name, servicename); instead of strcpy(serv->s_name, name).
Please reply with a cc to mguesdon@sbuilders.com as I've not yet subscribed to the list.
Manuel
--
____________________________________________________________________
Manuel GUESDON - SOFTWARE BUILDERS <mguesdon@sbuilders.com>
http://www.sbuilders.com PGP Key Id: 12C3E391
PGP Signed/Encrypted mails prefered
