Subject: misc/5688: uucpd breaks on long system names
To: None <gnats-bugs@gnats.netbsd.org>
From: None <darcy@druid.net>
List: netbsd-bugs
Date: 07/01/1998 13:25:30
>Number: 5688
>Category: misc
>Synopsis: uucpd breaks on long system names
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: misc-bug-people (Misc Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jul 1 10:35:02 1998
>Last-Modified:
>Originator: D'Arcy J.M. Cain
>Organization:
D'Arcy J.M. Cain <darcy@{druid|vex}.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 424 2871 (DoD#0082) (eNTP) | what's for dinner.
>Release: NetBSD-current
>Environment:
System: NetBSD druid.net 1.3F NetBSD 1.3F (DRUID) #0: Wed Jul 1 05:42:53 EDT 1998 darcy@druid.net:/usr/src/sys/arch/i386/compile/DRUID i386
>Description:
Because uucp was designed for dialup and systems were only 8 characters,
the 32 character limit (31 allowing for terminator) was probably considered
plenty. With uucp over tcp/ip however, this limit can be broken by
long FQDNs. It is worse because strncpy doesn't add the terminating
zero in those cases so the string runs into the buffer following.
>How-To-Repeat:
Set up a uucp connection with a site that has a name longer than
32 characters.
>Fix:
The following patch helps although it is a bit of a bandaid to the
problem. It should probably be changed to create a buffer dynamically
but then you have to figure out the length in advance. This fix
simply increases the buffers to 64 characters so the problem doesn't
show up so often. As a safety, I also force a termination of the
string in case it is still too long.
*** ../src.original//./libexec/uucpd/uucpd.c Wed May 20 07:48:22 1998
--- ./libexec/uucpd/uucpd.c Wed May 20 07:50:10 1998
***************
*** 276,283 ****
struct passwd *pw;
struct sockaddr_in *sin;
{
! char line[32];
! char remotehost[32];
int wtmp, f;
struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
sizeof (struct in_addr), AF_INET);
--- 276,283 ----
struct passwd *pw;
struct sockaddr_in *sin;
{
! char line[64];
! char remotehost[64];
int wtmp, f;
struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
sizeof (struct in_addr), AF_INET);
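Review bot: `char line[64]` and `char remotehost[64]` replace one magic number with another, so a host name of 64 characters or more still does not fit and is only cut short. For remotehost, consider sizing the buffer from a named constant such as MAXHOSTNAMELEN from <sys/param.h> (plus one for the terminator) instead of a literal. The report only discusses the host name, so the reason `line` grows as well should be stated in the commit message or a comment, or that change dropped.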
***************
*** 288,293 ****
--- 288,294 ----
} else
strncpy(remotehost, inet_ntoa(sin->sin_addr),
sizeof (remotehost));
+ remotehost[sizeof (remotehost) - 1] = 0; /* safety */
wtmp = open(_PATH_WTMP, O_WRONLY|O_APPEND);
if (wtmp >= 0) {
/* hack, but must be unique and no tty line */
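Review bot: the added `remotehost[sizeof (remotehost) - 1] = 0;` stops the overrun, but a name that does not fit is now truncated silently, and the code that follows opens _PATH_WTMP, so the truncated name is presumably what gets recorded. Consider comparing the source length against sizeof (remotehost) before copying and, when it does not fit, falling back to the inet_ntoa() string already used in the else branch (a dotted quad always fits), or at least logging the truncation. Style: write '\0' rather than 0, and replace /* safety */ with a comment saying that strncpy leaves the buffer unterminated when the source fills it.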
>Audit-Trail:
>Unformatted:
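
The strncpy behaviour described in the report, as an added example that is not part of the original PR or of uucpd: it checks for a terminator with memchr (so nothing is read past the buffer), shows the effect of the patch's forced termination, and adds a hypothetical copy_checked() helper that reports truncation. LONG_NAME is a constructed 42-character host name.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 42-character FQDN, longer than the old 32-byte buffer. */
static const char LONG_NAME[] = "mailhub.engineering.department.example.org";

/* 1 if buf[0..size) contains a NUL terminator, 0 if it does not. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Pattern from the report: strncpy bounded by the full buffer size. */
static int copy_unpatched(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);      /* no NUL written if strlen(src) >= size */
    return is_terminated(dst, size);
}

/* Pattern after the patch: same copy, then force the last byte to NUL. */
static int copy_patched(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
    dst[size - 1] = '\0';
    return is_terminated(dst, size);
}

/* Hypothetical helper: always terminates dst; returns 0 if src fit,
 * -1 if it was truncated, so the caller can log or pick a fallback. */
static int copy_checked(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    if (size == 0)
        return -1;
    if (len >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);    /* includes the terminator */
    return 0;
}

int main(void)
{
    char old_buf[32], new_buf[64];
    printf("unpatched, 32 bytes: terminated=%d\n", copy_unpatched(old_buf, sizeof old_buf, LONG_NAME));
    printf("patched,   32 bytes: terminated=%d\n", copy_patched(old_buf, sizeof old_buf, LONG_NAME));
    printf("checked,   64 bytes: result=%d\n", copy_checked(new_buf, sizeof new_buf, LONG_NAME));
    return 0;
}
```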