[tz] [PROPOSED PATCH 1/4] Fix unlikely buffer overrun when setting date across network.

Paul Eggert eggert at cs.ucla.edu
Thu Aug 21 21:43:23 UTC 2014


* date.c (netsettime) [TSP_SETDATE]: Don't assume gethostname
returns a null-terminated string.
---
 date.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/date.c b/date.c
index c8fab75..3b44c94 100644
--- a/date.c
+++ b/date.c
@@ -819,7 +819,6 @@ netsettime(struct timeval ntv)
 {
 	int s, length, port, timed_ack, found, err, waittime;
 	fd_set ready;
-	char hostname[MAXHOSTNAMELEN];
 	struct timeval tout;
 	struct servent *sp;
 	struct tsp msg;
@@ -858,11 +857,15 @@ netsettime(struct timeval ntv)
 	}
 	msg.tsp_type = TSP_SETDATE;
 	msg.tsp_vers = TSPVERSION;
-	if (gethostname(hostname, sizeof (hostname))) {
+	msg.tsp_name[sizeof msg.tsp_name - 1] = '\0';
+	if (gethostname(msg.tsp_name, sizeof msg.tsp_name) != 0) {
 		perror("gethostname");
 		goto bad;
 	}
-	strncpy(msg.tsp_name, hostname, sizeof (hostname));
+	if (msg.tsp_name[sizeof msg.tsp_name - 1]) {
+		fprintf(stderr, "hostname too long\n");
+		goto bad;
+	}
 	msg.tsp_seq = htons(0);
 	msg.tsp_time.tv_sec = htonl(ntv.tv_sec);
 	msg.tsp_time.tv_usec = htonl(ntv.tv_usec);
-- 
1.9.1



More information about the tz mailing list