marc 98/01/05 13:06:15
Modified: support Tag: APACHE_1_2_X logresolve.c
Log:
SECURITY: Fix a possible buffer overflow in logresolve. This is
only an issue on systems without a MAXDNAME define or where the
resolver returns domain names longer than MAXDNAME.
Reviewed by: Martin Kraemer, Mark J Cox, Dean Gaudet, Randy Terbush
Revision Changes Path
No revision
No revision
1.7.2.1 +3 -1 apache/support/logresolve.c
Index: logresolve.c
===================================================================
RCS file: /export/home/cvs/apache/support/logresolve.c,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- logresolve.c 1997/02/04 23:54:28 1.7
+++ logresolve.c 1998/01/05 21:06:15 1.7.2.1
@@ -202,7 +202,9 @@
} else
cachehits++;
- strcpy(string, (*current)->hostname);
+ /* size of string == MAXDNAME +1 */
+ strncpy(string, (*current)->hostname, MAXDNAME);
+ string[MAXDNAME] = '\0';
}
/*
