Apply by doing
cd /usr/src/lib/libc/net
patch -p0 < rcmd.patch
And then to reinstall libc:
cd /usr/src/lib/libc
make && make install
Index: rcmd.c
===================================================================
RCS file: /cvs/src/lib/libc/net/rcmd.c,v
retrieving revision 1.26
diff -u -r1.26 rcmd.c
--- rcmd.c 1997/07/09 01:08:47 1.26
+++ rcmd.c 1998/02/12 00:12:32
@@ -34,7 +34,7 @@
*/
#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: rcmd.c,v 1.26 1997/07/09 01:08:47 millert Exp $";
+static char *rcsid = "$OpenBSD: rcmd.c,v 1.28 1998/02/11 05:28:52 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
@@ -403,39 +403,41 @@
{
register char *user, *p;
int ch;
- char buf[MAXHOSTNAMELEN + 128]; /* host + login */
+ char *buf;
const char *auser, *ahost;
int hostok, userok;
char *rhost = (char *)-1;
char domain[MAXHOSTNAMELEN];
u_int32_t raddr = (u_int32_t)raddrl;
+ size_t buflen;
getdomainname(domain, sizeof(domain));
- while (fgets(buf, sizeof(buf), hostf)) {
+ while ((buf = fgetln(hostf, &buflen))) {
p = buf;
- /* Skip lines that are too long. */
- if (strchr(p, '\n') == NULL) {
- while ((ch = getc(hostf)) != '\n' && ch != EOF)
- ;
- continue;
- }
if (*p == '#')
continue;
- while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
+ while (*p != '\n' && *p != ' ' && *p != '\t' && p < buf + buflen) {
if (!isprint(*p))
goto bail;
*p = isupper(*p) ? tolower(*p) : *p;
p++;
}
+ if (p >= buf + buflen)
+ continue;
if (*p == ' ' || *p == '\t') {
*p++ = '\0';
- while (*p == ' ' || *p == '\t')
+ while (*p == ' ' || *p == '\t' && p < buf + buflen)
p++;
+ if (p >= buf + buflen)
+ continue;
user = p;
while (*p != '\n' && *p != ' ' &&
- *p != '\t' && *p != '\0')
+ *p != '\t' && p < buf + buflen) {
+ if (!isprint(*p))
+ goto bail;
p++;
+ }
} else
user = p;
*p = '\0';
@@ -445,6 +447,9 @@
auser = *user ? user : luser;
ahost = buf;
+
+ if (strlen(ahost) >= MAXHOSTNAMELEN)
+ continue;
/*
* innetgr() must lookup a hostname (we do not attempt
