upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

The source strings are from the password database which guarantees

Browse source 
that the data going into it is sane.  Out of an abundance of caution,
limit the string copies to prevent an overflow.

CID: 1019035
This commit is contained in:
Warner Losh 2018-01-06 12:46:04 +00:00
parent ca23e64eb4
commit 90ceddb160
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/libc/net/rcmd.c
View file

@ -457,8 +457,8 @@ again:
first = 0;
if ((pwd = getpwnam(luser)) == NULL)
return (-1);
(void)strcpy(pbuf, pwd->pw_dir);
(void)strcat(pbuf, "/.rhosts");
(void)strlcpy(pbuf, pwd->pw_dir, sizeof(pbuf));
(void)strlcat(pbuf, "/.rhosts", sizeof(pbuf));
/*
* Change effective uid while opening .rhosts. If root and