We copy the results of gethostbyaddr into a fixed length buffer
without checking whether they fit. Add a length check, and use
strlcpy to do the copy to make sure we can't overflow.
Caught by coverity (#985912, #985872)
Change-Id: I1e8f0fbb2577199c25201940f54646a4acdbbd37
Reviewed-on: http://gerrit.openafs.org/9393
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
return NULL;
#endif
th = gethostbyaddr((void *)&addr, sizeof(addr), AF_INET);
- if (th) {
- strcpy(tbuffer, th->h_name);
+ if (th && strlen(th->h_name) < sizeof(tbuffer)) {
+ strlcpy(tbuffer, th->h_name, sizeof(tbuffer));
} else {
addr = ntohl(addr);
sprintf(tbuffer, "%d.%d.%d.%d", (int)((addr >> 24) & 0xff),