[tz] [PROPOSED PATCH 1/4] Fix unlikely buffer overrun when setting date across network.
Paul Eggert
eggert at cs.ucla.edu
Thu Aug 21 21:43:23 UTC 2014
* date.c (netsettime) [TSP_SETDATE]: Don't assume gethostname
returns a null-terminated string.
---
date.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/date.c b/date.c
index c8fab75..3b44c94 100644
--- a/date.c
+++ b/date.c
@@ -819,7 +819,6 @@ netsettime(struct timeval ntv)
{
int s, length, port, timed_ack, found, err, waittime;
fd_set ready;
- char hostname[MAXHOSTNAMELEN];
struct timeval tout;
struct servent *sp;
struct tsp msg;
@@ -858,11 +857,15 @@ netsettime(struct timeval ntv)
}
msg.tsp_type = TSP_SETDATE;
msg.tsp_vers = TSPVERSION;
- if (gethostname(hostname, sizeof (hostname))) {
+ msg.tsp_name[sizeof msg.tsp_name - 1] = '\0';
+ if (gethostname(msg.tsp_name, sizeof msg.tsp_name) != 0) {
perror("gethostname");
goto bad;
}
- strncpy(msg.tsp_name, hostname, sizeof (hostname));
+ if (msg.tsp_name[sizeof msg.tsp_name - 1]) {
+ fprintf(stderr, "hostname too long\n");
+ goto bad;
+ }
msg.tsp_seq = htons(0);
msg.tsp_time.tv_sec = htonl(ntv.tv_sec);
msg.tsp_time.tv_usec = htonl(ntv.tv_usec);
--
1.9.1
More information about the tz
mailing list