From mhpower: make sure long arguments don't cause buffer overflows.

author: Greg Hudson <ghudson@mit.edu> 1998-04-13 16:19:17 +0000
committer: Greg Hudson <ghudson@mit.edu> 1998-04-13 16:19:17 +0000
commit: 76aa28c2285288f481d1193b1652315ebf0745c7 (patch)
tree: d3fd2f8e54a84dcc7b123ca5ca35b21174f3bdc8 /clients
parent: b43b38089742fa817300256ac8890e3b7594b598 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/clients/zlocate/zlocate.c b/clients/zlocate/zlocate.c
index 6167896..8d7861d 100644
--- a/clients/zlocate/zlocate.c
+++ b/clients/zlocate/zlocate.c
@@ -72,7 +72,7 @@ main(argc,argv)
 {
     char user[BUFSIZ],*whichuser;
     ZAsyncLocateData_t ald;
-    int retval,i,numlocs,numfound,loc,auth;
+    int retval,i,numlocs,numfound,loc,auth,rlen;
     ZNotice_t notice;
 #ifdef _POSIX_VERSION
     struct sigaction sa;
@@ -120,12 +120,14 @@ main(argc,argv)
 
     numleft = numusers;
     numfound = 0;
+    rlen = strlen(ZGetRealm());
 
     i = 0;
     for (loc = 0; loc < argc; loc++) {
 	if (argv[loc][0] == '-') continue;
 
-	(void) strcpy(user,argv[loc]);
+	(void) strncpy(user,argv[loc],sizeof(user) - rlen - 2);
+	user[sizeof(user) - rlen - 2] = '\0';
 	if (!strchr(user,'@')) {
 	    (void) strcat(user,"@");
 	    (void) strcat(user,ZGetRealm());
author	Greg Hudson <ghudson@mit.edu>	1998-04-13 16:19:17 +0000
committer	Greg Hudson <ghudson@mit.edu>	1998-04-13 16:19:17 +0000
commit	76aa28c2285288f481d1193b1652315ebf0745c7 (patch)
tree	d3fd2f8e54a84dcc7b123ca5ca35b21174f3bdc8 /clients
parent	b43b38089742fa817300256ac8890e3b7594b598 (diff)