L411-L414:
strcpy (line, remotehost);
SCPYN (ll.ll_line, line);
SCPYN (ll.ll_host, remotehost);
write (f, (char *) &ll, sizeof (ll));'remotehost' is either 64 bytes or 1025 (depends on the code paths protected by #ifdef). 'line' is only 32 bytes. I have no idea about L411 - if it's an accident or on (what ?) purpose. Apart from that, the two calls to SCPYN() *may* not 0-terminate the strings ll.ll_line and ll.ll_host in every case (if line or remotehost have lengths >= the destination). A few lines above: # define SCPYN(a, b) strncpy(a, b, sizeof (a)) Regards, Tim
signature.asc
Description: OpenPGP digital signature
