- (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.

Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>

ChangeLog

@@ -1,6 +1,8 @@
 20000926
  - (djm) Update X11-askpass to 1.0.2 in RPM spec file
- - (djm) Define _REENTRANT
+ - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
+ - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c. 
+   Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> 
 
 20000924
  - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>

fake-getnameinfo.c

@@ -25,15 +25,15 @@ int getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
 		if (strlen(tmpserv) > servlen)
 			return EAI_MEMORY;
 		else
-			strcpy(serv, tmpserv);
+			strlcpy(serv, tmpserv, servlen);
 	}
 
 	if (host) {
 		if (flags & NI_NUMERICHOST) {
-			if (strlen(inet_ntoa(sin->sin_addr)) > hostlen)
+			if (strlen(inet_ntoa(sin->sin_addr)) >= hostlen)
 				return EAI_MEMORY;
 
-			strcpy(host, inet_ntoa(sin->sin_addr));
+			strlcpy(host, inet_ntoa(sin->sin_addr), hostlen);
 			return 0;
 		} else {
 			hp = gethostbyaddr((char *)&sin->sin_addr, 
@@ -41,10 +41,10 @@ int getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
 			if (hp == NULL)
 				return EAI_NODATA;
 			
-			if (strlen(hp->h_name) > hostlen)
+			if (strlen(hp->h_name) >= hostlen)
 				return EAI_MEMORY;
 
-			strcpy(host, hp->h_name);
+			strlcpy(host, hp->h_name, hostlen);
 			return 0;
 		}
 	}