Fix potential buffer overruns.

1 files changed, 9 insertions, 5 deletions

diff --git a/server/kopt.c b/server/kopt.c
index 0e64850..af77c56 100644
--- a/server/kopt.c
+++ b/server/kopt.c
@@ -296,8 +296,9 @@ krb_rd_req(authent,service,instance,from_addr,ad,fn)
         mutual = 0;
 #endif /* lint */
     s_kvno = *ptr++;		/* get server key version */
-    strcpy(realm,ptr);		/* And the realm of the issuing KDC */
-    ptr += strlen(ptr) + 1;     /* skip the realm "hint" */
+    (void) strncpy(realm,ptr,REALM_SZ);		/* And the realm of the issuing KDC */
+    realm[REALM_SZ-1] = '\0';
+    ptr += strlen(realm) + 1;     /* skip the realm "hint" */
 
     /*
      * If "fn" is NULL, key info should already be set; don't
@@ -377,13 +378,16 @@ krb_rd_req(authent,service,instance,from_addr,ad,fn)
 #define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
 
     ptr = (char *) req_id->dat;
-    strcpy(r_aname,ptr);	/* Authentication name */
+    (void) strncpy(r_aname,ptr,ANAME_SZ);	/* Authentication name */
+    r_aname[ANAME_SZ-1] = '\0';
     ptr += strlen(r_aname) + 1;
     check_ptr();
-    strcpy(r_inst,ptr);		/* Authentication instance */
+    (void) strncpy(r_inst,ptr,INST_SZ);		/* Authentication instance */
+    r_inst[INST_SZ-1] = '\0';
     ptr += strlen(r_inst) + 1;
     check_ptr();
-    strcpy(r_realm,ptr);	/* Authentication name */
+    (void) strncpy(r_realm,ptr,REALM_SZ);	/* Authentication name */
+    r_realm[REALM_SZ-1] = '\0';
     ptr += strlen(r_realm) + 1;
     check_ptr();
     memcpy(&ad->checksum, ptr, 4);	/* Checksum */