Subject: CVS commit: [netbsd-1-6] basesrc/libexec/talkd
To: None <source-changes@netbsd.org>
From: Luke Mewburn <lukem@netbsd.org>
List: source-changes
Date: 10/02/2002 06:14:32
Module Name: basesrc
Committed By: lukem
Date: Wed Oct 2 03:14:32 UTC 2002
Modified Files:
basesrc/libexec/talkd [netbsd-1-6]: process.c
Log Message:
Pull up revision 1.8 (requested by itojun in ticket #846):
find_user() in process.c does an unbounded copy into a destination
buffer that is smaller in size than the source buffer.
also, there is no guarantee that any of the string components of
the request packet are null terminated.
in some cases, not all elements of the response buffer are
explicitly set. specifically pad and addr. a talk client can spy to
see which host is talking to which host by sending out regular
packets, to which talkd responds without clearing the addr element.
from xs@kittenz.org
To generate a diff of this commit:
cvs rdiff -r1.6 -r1.6.12.1 basesrc/libexec/talkd/process.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.