Package: arpwatch / 2.1a15-2

41_bug705894-long-hostnames Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Description: fix buffer overflow with long hostnames
    (the rest of the patch is in debian/patches/13opt_allsubnets)
Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Bug-Debian: https://bugs.debian.org/705894
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1097289

--- a/db.c
+++ b/db.c
@@ -293,8 +293,10 @@
 	BCOPY(e, ep->e, 6);
 	if (h == NULL && !initializing)
 		h = getsname(a);
-	if (h != NULL && !isdigit((int)*h))
-		strcpy(ep->h, h);
+	if (h != NULL && !isdigit((int)*h)) {
+		strncpy(ep->h, h, 34);
+                ep->h[33] = '\0';
+        }
 	ep->t = t;
 	if (interface != NULL) {
 		strncpy(ep->i, interface, 16);
@@ -318,7 +320,8 @@
 	if (!isdigit((int)*h) && strcmp(h, ep->h) != 0) {
 		syslog(LOG_INFO, "hostname changed %s %s %s -> %s",
 		    intoa(ap->a), e2str(ep->e), ep->h, h);
-		strcpy(ep->h, h);
+		strncpy(ep->h, h, 34);
+                ep->h[33] = '\0';
 	}
 }