mirror of
https://github.com/Stichting-MINIX-Research-Foundation/pkgsrc-ng.git
synced 2025-08-03 09:48:00 -04:00
66 lines
1.5 KiB
Plaintext
66 lines
1.5 KiB
Plaintext
$NetBSD: patch-ad,v 1.3 2007/04/18 17:06:16 ghen Exp $
|
|
|
|
--- server.c.orig 2006-05-01 22:43:10.000000000 +0200
|
|
+++ server.c
|
|
@@ -210,7 +210,7 @@ if(SQLConnect(cnf->sqlhost,cnf->sqluser,
|
|
return(-1);
|
|
}
|
|
|
|
-GetPeerIp(s,ip,buff);
|
|
+GetPeerIp(s,ip,BLEN,buff,BLEN);
|
|
|
|
//
|
|
// We check if this IP is authorized to connect to us
|
|
@@ -265,21 +265,34 @@ while(1==1)
|
|
// Now, we are sure our buffer string length is no more than BLEN
|
|
// as all parameters are defined also as buffers with a BLEN size
|
|
// no buffer overflow is possible using strcpy .
|
|
+ // But what's the point. Protect it anyway.
|
|
//
|
|
|
|
if(strcmp(buff,"")==0) break;
|
|
|
|
if(strncmp(buff,"request=",8)==0)
|
|
- strcpy(request,buff+8);
|
|
+ {
|
|
+ strncpy(request,buff+8, sizeof(request)-1);
|
|
+ request[sizeof(request)-1] = '\0';
|
|
+ }
|
|
|
|
if(strncmp(buff,"sender=",7)==0)
|
|
- strcpy(sender,buff+7);
|
|
+ {
|
|
+ strncpy(sender,buff+7, sizeof(sender)-1);
|
|
+ sender[sizeof(sender)-1] = '\0';
|
|
+ }
|
|
|
|
if(strncmp(buff,"recipient=",10)==0)
|
|
- strcpy(recipient,buff+10);
|
|
+ {
|
|
+ strncpy(recipient,buff+10, sizeof(recipient)-1);
|
|
+ recipient[sizeof(recipient)-1] = '\0';
|
|
+ }
|
|
|
|
if(strncmp(buff,"client_address=",15)==0)
|
|
- strcpy(ip,buff+15);
|
|
+ {
|
|
+ strncpy(ip,buff+15,sizeof(ip)-1);
|
|
+ ip[sizeof(ip)-1] = '\0';
|
|
+ }
|
|
|
|
}
|
|
|
|
@@ -304,7 +317,11 @@ Quote(sender);
|
|
// Now, we can safely use, str** functions
|
|
//
|
|
|
|
-if(sender[0]==0) strcpy(sender,"void@void");
|
|
+if(sender[0]==0)
|
|
+ {
|
|
+ strncpy(sender,"void@void",sizeof(sender)-1);
|
|
+ sender[sizeof(sender)-1] = '\0';
|
|
+ }
|
|
|
|
if(strcmp(request,REQ)!=0 || recipient[0]==0 || ip[0]==0)
|
|
{
|