From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Wed, 29 Oct 2008 17:26:42 +0000 (+0000)
Subject: Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
X-Git-Tag: SUDO_1_7_0~67
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=efb510a9dc15bca8652cab5c7f7f257d424c462c;p=sudo

Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
systems do not include space for the NUL in the size.  Also manually
NUL-terminate buffer from gethostname() since POSIX is wishy-washy on this.
---

diff --git a/match.c b/match.c
index e62513ac6..f68bb1a69 100644
--- a/match.c
+++ b/match.c
@@ -793,8 +793,8 @@ netgr_matches(netgr, lhost, shost, user)
 #ifdef HAVE_GETDOMAINNAME
     /* get the domain name (if any) */
     if (!initialized) {
-	domain = (char *) emalloc(MAXHOSTNAMELEN);
-	if (getdomainname(domain, MAXHOSTNAMELEN) == -1 || *domain == '\0') {
+	domain = (char *) emalloc(MAXHOSTNAMELEN + 1);
+	if (getdomainname(domain, MAXHOSTNAMELEN + 1) == -1 || *domain == '\0') {
 	    efree(domain);
 	    domain = NULL;
 	}
diff --git a/sudo.c b/sudo.c
index 6b91d941e..8c3c73e54 100644
--- a/sudo.c
+++ b/sudo.c
@@ -576,7 +576,7 @@ init_vars(sudo_mode, envp)
     int sudo_mode;
     char **envp;
 {
-    char *p, **ep, thost[MAXHOSTNAMELEN];
+    char *p, **ep, thost[MAXHOSTNAMELEN + 1];
     int nohostname;
 
     /* Sanity check command from user. */
@@ -602,6 +602,7 @@ init_vars(sudo_mode, envp)
     if (nohostname)
 	user_host = user_shost = "localhost";
     else {
+	thost[sizeof(thost) - 1] = '\0';
 	user_host = estrdup(thost);
 	if (def_fqdn) {
 	    /* Defer call to set_fqdn() until log_error() is safe. */
diff --git a/testsudoers.c b/testsudoers.c
index f7b1282f7..c5997b65c 100644
--- a/testsudoers.c
+++ b/testsudoers.c
@@ -129,7 +129,8 @@ main(argc, argv)
     struct cmndspec *cs;
     struct privilege *priv;
     struct userspec *us;
-    char *p, *grfile, *pwfile, *runas_group, *runas_user, hbuf[MAXHOSTNAMELEN];
+    char *p, *grfile, *pwfile, *runas_group, *runas_user;
+    char hbuf[MAXHOSTNAMELEN + 1];
     int ch, dflag, rval, matched;
 #ifdef	YYDEBUG
     extern int yydebug;
@@ -209,6 +210,7 @@ main(argc, argv)
     if (user_host == NULL) {
 	if (gethostname(hbuf, sizeof(hbuf)) != 0)
 	    error(1, "gethostname");
+	hbuf[sizeof(hbuf) - 1] = '\0';
 	user_host = hbuf;
     }
     if ((p = strchr(user_host, '.'))) {