From 90ceddb1606f867f24bd2e0fb136a0b7947577ad Mon Sep 17 00:00:00 2001
From: Warner Losh
Date: Sat, 6 Jan 2018 12:46:04 +0000
Subject: [PATCH] The source strings are from the password database which guarantees that the data going into it is sane. Out of an abundance of caution, limit the string copies to prevent an overflow. CID: 1019035
---
 lib/libc/net/rcmd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c
index 38a150452d2..3cb475a6bec 100644
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@@ -457,8 +457,8 @@ again:
 first = 0;
 if ((pwd = getpwnam(luser)) == NULL)
 return (-1);
- (void)strcpy(pbuf, pwd->pw_dir);
- (void)strcat(pbuf, "/.rhosts");
+ (void)strlcpy(pbuf, pwd->pw_dir, sizeof(pbuf));
+ (void)strlcat(pbuf, "/.rhosts", sizeof(pbuf));
 /*
 * Change effective uid while opening .rhosts. If root and
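Review bot: The `(void)` casts on the new `strlcpy`/`strlcat` calls throw away the truncation result, so an over-long `pw_dir` no longer overflows `pbuf` but silently yields a shortened path that is not `<home>/.rhosts`. Since the comment right after says this path is about to be opened as the .rhosts trust file, a truncated name should fail closed rather than be used: `if (strlcpy(pbuf, pwd->pw_dir, sizeof(pbuf)) >= sizeof(pbuf) || strlcat(pbuf, "/.rhosts", sizeof(pbuf)) >= sizeof(pbuf)) return (-1);`. `sizeof(pbuf)` is only the buffer size if `pbuf` is declared as an array; its declaration is outside this hunk, so that is worth confirming. The enclosing function starts and ends outside the hunk.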