From ahd@kew.com  Thu Mar 13 16:53:05 1997
Received: from intergate.hh.kew.com (root@fantasy-factory.net.kew.com [204.96.41.103])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA01534
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 13 Mar 1997 16:52:59 -0800 (PST)
Received: (from root@localhost)
	by intergate.hh.kew.com (8.8.5/8.8.5) id TAA00750;
	Thu, 13 Mar 1997 19:52:55 -0500 (EST)
Message-Id: <199703140052.TAA00750@intergate.hh.kew.com>
Date: Thu, 13 Mar 1997 19:52:55 -0500 (EST)
From: Drew Derbyshire <ahd@kew.com>
Reply-To: ahd@kew.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: /usr/libexec/uucpd hostname truncation
X-Send-Pr-Version: 3.2

>Number:         2982
>Category:       misc
>Synopsis:       hostname buffer length too short in uucpd
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 13 17:00:00 PST 1997
>Closed-Date:    Tue Apr 1 22:40:08 MET DST 1997
>Last-Modified:  Tue Apr  1 12:53:15 PST 1997
>Originator:     Drew Derbyshire
>Release:        FreeBSD 2.2-970225-GAMMA i386
>Organization:
Kendra Electronic Wonderworks
>Environment:

Running Taylor UUCP as supplied with release with uucpd active on
standard port (540).

>Description:

	A failed connection to the uucpd port from a host with 
	a name longer than 31 characters causes a garbled message
	in system log because string is not terminated.  For example:

		Mar  6 11:16:00 athena uucpd[4085]: LOGIN FAILURE FROM
		ppp-206-170-33-17.okld03.pacbell<]?o[^W

>How-To-Repeat:

	See description, above.

>Fix:
	
	Fix is two fold:

		First, use standard definition for maximum
		hostname length (MAXHOSTNAMLEN) for remotehost[] 
		variable in various routines in program.

		Second, terminate string after copy by assigning
		last character of string `\0';

	Patch follows:

*** /usr/src/libexec/uucpd/uucpd.original.c	Thu Mar 13 19:17:53 1997
--- /usr/src/libexec/uucpd/uucpd.c	Thu Mar 13 19:26:29 1997
***************
*** 55,60 ****
--- 55,61 ----
  #include <sys/wait.h>
  #include <sys/ioctl.h>
  #include <sys/socket.h>
+ #include <sys/param.h>
  #include <netinet/in.h>
  #include <arpa/inet.h>
  #include <netdb.h>
***************
*** 110,116 ****
  
  void badlogin(char *name, struct sockaddr_in *sin)
  {
! 	char remotehost[32];
  	struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
  		sizeof (struct in_addr), AF_INET);
  
--- 111,117 ----
  
  void badlogin(char *name, struct sockaddr_in *sin)
  {
! 	char remotehost[MAXHOSTNAMELEN];
  	struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
  		sizeof (struct in_addr), AF_INET);
  
***************
*** 121,126 ****
--- 122,129 ----
  		strncpy(remotehost, inet_ntoa(sin->sin_addr),
  		    sizeof (remotehost));
  
+ 	remotehost[ sizeof remotehost - 1] = '\0';
+ 
  	syslog(LOG_NOTICE, "LOGIN FAILURE FROM %s", remotehost);
  	syslog(LOG_AUTHPRIV|LOG_NOTICE,
  	    "LOGIN FAILURE FROM %s, %s", remotehost, name);
***************
*** 237,243 ****
  void dologin(struct passwd *pw, struct sockaddr_in *sin)
  {
  	char line[32];
! 	char remotehost[32];
  	int f;
  	time_t cur_time;
  	struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
--- 240,246 ----
  void dologin(struct passwd *pw, struct sockaddr_in *sin)
  {
  	char line[32];
! 	char remotehost[MAXHOSTNAMELEN];
  	int f;
  	time_t cur_time;
  	struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: joerg 
State-Changed-When: Tue Apr 1 22:40:08 MET DST 1997 
State-Changed-Why:  
Suggested fix applied in rev 1.11 of uucpd.c, thanks! 

>Unformatted:

