author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2002-09-25 03:43:21 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2002-09-25 03:43:21 +0000 |
commit | a399d6f90e89d68df1ac6468ea1fbc9f3bc5d1bf (patch) | |
tree | a7f07514d81c41d8f1e93b51ca35c96f3e0c9c58 /libexec/talkd | |
parent | 33ce82e4069dbb7ce660bfdcc303d148047744ed (diff) |
- "response" is used without initialization, so zero-fill
- sendto(2) performed with osockaddr, so avoid that
- reject anything other than AF_INET
based on patch from xs@kittenz.org. deraadt/millert ok
Diffstat (limited to 'libexec/talkd')
-rw-r--r-- | libexec/talkd/talkd.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/libexec/talkd/talkd.c b/libexec/talkd/talkd.c index 51b8e489214..5b737c085ba 100644 --- a/libexec/talkd/talkd.c +++ b/libexec/talkd/talkd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: talkd.c,v 1.14 2002/09/06 19:43:54 deraadt Exp $ */ +/* $OpenBSD: talkd.c,v 1.15 2002/09/25 03:43:20 itojun Exp $ */ /* * Copyright (c) 1983 Regents of the University of California. @@ -41,7 +41,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)talkd.c 5.8 (Berkeley) 2/26/91";*/ -static char rcsid[] = "$Id: talkd.c,v 1.14 2002/09/06 19:43:54 deraadt Exp $"; +static char rcsid[] = "$Id: talkd.c,v 1.15 2002/09/25 03:43:20 itojun Exp $"; #endif /* not lint */ /* @@ -103,7 +103,9 @@ main(argc, argv) socklen_t len = sizeof(response.addr); CTL_MSG request; int cc; + struct sockaddr ctl_addr; + memset(&response, 0, sizeof(response)); cc = recvfrom(STDIN_FILENO, (char *)&request, sizeof (request), 0, (struct sockaddr *)&response.addr, &len); @@ -112,17 +114,23 @@ main(argc, argv) syslog(LOG_WARNING, "recvfrom: %m"); continue; } + /* Force NUL termination */ - request.l_name[NAME_SIZE-1] = '\0'; - request.r_name[NAME_SIZE-1] = '\0'; - request.r_tty[TTY_SIZE-1] = '\0'; + request.l_name[sizeof(request.l_name) - 1] = '\0'; + request.r_name[sizeof(request.r_name) - 1] = '\0'; + request.r_tty[sizeof(request.r_tty) - 1] = '\0'; + + memcpy(&ctl_addr, &request.ctl_addr, sizeof(ctl_addr)); + ctl_addr.sa_family = request.ctl_addr.sa_family; + ctl_addr.sa_len = sizeof(ctl_addr); + if (ctl_addr.sa_family != AF_INET) + continue; lastmsgtime = time(0); process_request(&request, &response); /* can block here, is this what I want? */ cc = sendto(STDOUT_FILENO, (char *)&response, - sizeof (response), 0, (struct sockaddr *)&request.ctl_addr, - sizeof (request.ctl_addr)); + sizeof (response), 0, &ctl_addr, sizeof (ctl_addr)); if (cc != sizeof (response)) syslog(LOG_WARNING, "sendto: %m"); } |
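Review bot: The added `memset(&response, 0, sizeof(response));` in the `@@ -103,7 +103,9 @@` hunk has no comment saying why it has to run on every iteration before recvfrom. The later sendto transmits the full `sizeof (response)`, so any field or padding byte that process_request leaves unset would otherwise go out with whatever was on the stack. A one-line comment such as `/* zero the reply: the whole struct is sent, so unset fields and padding must not carry stack data */` would stop a later cleanup from removing the call as redundant. The loop body in main starts and ends outside this hunk.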
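Review bot: In the `@@ -112,17 +114,23 @@` hunk, `ctl_addr.sa_family = request.ctl_addr.sa_family;` copies the family exactly as it arrived in the datagram, and the following `!= AF_INET` test compares it in host order. If talk clients send this field in network byte order, which the hunk does not show, valid requests would be rejected on little-endian hosts and the line should read `ctl_addr.sa_family = ntohs(request.ctl_addr.sa_family);`. The rejection itself is a bare `continue`, so dropped requests leave no trace; a `syslog(LOG_WARNING, "request with unsupported address family dropped");` before it would match the recvfrom and sendto failure paths, ideally rate-limited. The destination is still taken from the request body rather than from the source address recvfrom returned, so the check restricts the address family but not who receives the reply. The enclosing loop in main begins and ends outside the hunk.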