Apply by doing cd /usr/src/lib/libc/net patch -p0 < rcmd.patch And then to reinstall libc: cd /usr/src/lib/libc make && make install Index: rcmd.c =================================================================== RCS file: /cvs/src/lib/libc/net/rcmd.c,v retrieving revision 1.26 diff -u -r1.26 rcmd.c --- rcmd.c 1997/07/09 01:08:47 1.26 +++ rcmd.c 1998/02/12 00:12:32 @@ -34,7 +34,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: rcmd.c,v 1.26 1997/07/09 01:08:47 millert Exp $"; +static char *rcsid = "$OpenBSD: rcmd.c,v 1.28 1998/02/11 05:28:52 deraadt Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -403,39 +403,41 @@ { register char *user, *p; int ch; - char buf[MAXHOSTNAMELEN + 128]; /* host + login */ + char *buf; const char *auser, *ahost; int hostok, userok; char *rhost = (char *)-1; char domain[MAXHOSTNAMELEN]; u_int32_t raddr = (u_int32_t)raddrl; + size_t buflen; getdomainname(domain, sizeof(domain)); - while (fgets(buf, sizeof(buf), hostf)) { + while ((buf = fgetln(hostf, &buflen))) { p = buf; - /* Skip lines that are too long. */ - if (strchr(p, '\n') == NULL) { - while ((ch = getc(hostf)) != '\n' && ch != EOF) - ; - continue; - } if (*p == '#') continue; - while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { + while (*p != '\n' && *p != ' ' && *p != '\t' && p < buf + buflen) { if (!isprint(*p)) goto bail; *p = isupper(*p) ? tolower(*p) : *p; p++; } + if (p >= buf + buflen) + continue; if (*p == ' ' || *p == '\t') { *p++ = '\0'; - while (*p == ' ' || *p == '\t') + while (*p == ' ' || *p == '\t' && p < buf + buflen) p++; + if (p >= buf + buflen) + continue; user = p; while (*p != '\n' && *p != ' ' && - *p != '\t' && *p != '\0') + *p != '\t' && p < buf + buflen) { + if (!isprint(*p)) + goto bail; p++; + } } else user = p; *p = '\0'; @@ -445,6 +447,9 @@ auser = *user ? user : luser; ahost = buf; + + if (strlen(ahost) >= MAXHOSTNAMELEN) + continue; /* * innetgr() must lookup a hostname (we do not attempt