source-changes: CVS commit: basesrc/libexec/talkd

Subject: CVS commit: basesrc/libexec/talkd
To: None <source-changes@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@netbsd.org>
List: source-changes
Date: 09/19/2002 17:39:52

Module Name:	basesrc
Committed By:	itojun
Date:		Thu Sep 19 14:39:52 UTC 2002

Modified Files:
	basesrc/libexec/talkd: extern.h process.c talkd.c

Log Message:
find_user() in process.c does an unbounded copy into a destination
buffer that is smaller in size than the source buffer.

also, there is no guarantee that any of the string components of
the request packet are null terminated.

in some cases, not all elements of the response buffer are
explicitly set. specifically pad and addr. a talk client can spy to
see which host is talking to which host by sending out regular
packets, to which talkd responds without clearing the addr element.

from xs@kittenz.org


To generate a diff of this commit:
cvs rdiff -r1.2 -r1.3 basesrc/libexec/talkd/extern.h
cvs rdiff -r1.7 -r1.8 basesrc/libexec/talkd/process.c
cvs rdiff -r1.13 -r1.14 basesrc/libexec/talkd/talkd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.