Subject: Re: bin/8428: uucpd truncates login names at 8 characters
To: None <eric@cirr.com>
From: Taras Ivanenko <ivanenko@ctpa03.mit.edu>
List: netbsd-bugs
Date: 09/24/1999 11:45:01
> user[] shouldbe truncated to MAXLOGNAME to keep
> setlogin() happy, and I've incorporated that into a new patch
> below. I've also forced user[] to be null terminated after
> leaving readline(), in case someone attempts a buffer overflow
> by sending more than 64 characters (sizeof user).
> ! /* force a trailing NULL*/
> ! user[sizeof user] = '\0';
I do not have the code in front of me but I would be more comfortable
with the statement
user[sizeof(user) - 1] = '\0';
which avoids an array overflow by 1
Taras Ivanenko.