[src/netbsd-1-6]: src/libexec/talkd Pull up revision 1.3 (requested by itojun...

[lukem <lukem%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/5b967df07824
branches:  netbsd-1-6
changeset: 529133:5b967df07824
user:      lukem <lukem%NetBSD.org@localhost>
date:      Wed Oct 02 03:14:16 2002 +0000

description:
Pull up revision 1.3 (requested by itojun in ticket #846):
find_user() in process.c does an unbounded copy into a destination
buffer that is smaller in size than the source buffer.
also, there is no guarantee that any of the string components of
the request packet are null terminated.
in some cases, not all elements of the response buffer are
explicitly set. specifically pad and addr. a talk client can spy to
see which host is talking to which host by sending out regular
packets, to which talkd responds without clearing the addr element.
from xs%kittenz.org@localhost

diffstat:

 libexec/talkd/extern.h |  4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diffs (18 lines):

diff -r 15a1ed4112f8 -r 5b967df07824 libexec/talkd/extern.h
--- a/libexec/talkd/extern.h    Wed Oct 02 02:56:55 2002 +0000
+++ b/libexec/talkd/extern.h    Wed Oct 02 03:14:16 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: extern.h,v 1.2 1998/07/04 19:31:05 mrg Exp $   */
+/*     $NetBSD: extern.h,v 1.2.12.1 2002/10/02 03:14:16 lukem Exp $    */
 
 /*
  * Copyright (c) 1997 Christos Zoulas.  All rights reserved.
@@ -40,7 +40,7 @@
 /* process.c */
 void process_request __P((CTL_MSG *, CTL_RESPONSE *));
 void do_announce __P((CTL_MSG *, CTL_RESPONSE *));
-int find_user __P((char *, char *));
+int find_user __P((char *, char *, size_t));
 
 /* table.c */
 CTL_MSG *find_match __P((CTL_MSG *));