From 76aa28c2285288f481d1193b1652315ebf0745c7 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 13 Apr 1998 16:19:17 +0000
Subject: From mhpower: make sure long arguments don't cause buffer overflows.

---
 clients/zlocate/zlocate.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'clients/zlocate')

diff --git a/clients/zlocate/zlocate.c b/clients/zlocate/zlocate.c
index 6167896..8d7861d 100644
--- a/clients/zlocate/zlocate.c
+++ b/clients/zlocate/zlocate.c
@@ -72,7 +72,7 @@ main(argc,argv)
 {
     char user[BUFSIZ],*whichuser;
     ZAsyncLocateData_t ald;
-    int retval,i,numlocs,numfound,loc,auth;
+    int retval,i,numlocs,numfound,loc,auth,rlen;
     ZNotice_t notice;
 #ifdef _POSIX_VERSION
     struct sigaction sa;
@@ -120,12 +120,14 @@ main(argc,argv)
 
     numleft = numusers;
     numfound = 0;
+    rlen = strlen(ZGetRealm());
 
     i = 0;
     for (loc = 0; loc < argc; loc++) {
 	if (argv[loc][0] == '-') continue;
 
-	(void) strcpy(user,argv[loc]);
+	(void) strncpy(user,argv[loc],sizeof(user) - rlen - 2);
+	user[sizeof(user) - rlen - 2] = '\0';
 	if (!strchr(user,'@')) {
 	    (void) strcat(user,"@");
 	    (void) strcat(user,ZGetRealm());
-- 
cgit v1.2.3