[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_4-100-g2343dc2

[Tim Ruehsen]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  2343dc2e3547bb4c724c486bdad9c4ba7468053f (commit)
      from  908bfc85edc5d5a8484e8e5f130aa879b6994dee (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=2343dc2e3547bb4c724c486bdad9c4ba7468053f


commit 2343dc2e3547bb4c724c486bdad9c4ba7468053f
Author: Tim Rühsen <address@hidden>
Date:   Sat Feb 29 19:47:19 2020 +0100

    uucpd: Fix 2x heap buffer overflow

diff --git a/src/uucpd.c b/src/uucpd.c
index 407bab1..5674004 100644
--- a/src/uucpd.c
+++ b/src/uucpd.c
@@ -95,8 +95,8 @@ void doit (struct sockaddr *sap, socklen_t salen);
 char *uucico_location = PATH_UUCICO;
 int mypid;
 
-char Username[64];
-char Logname[64];
+char Username[72];
+char Logname[72];
 char *nenv[] = {
   Username,
   Logname,
@@ -249,8 +249,8 @@ doit (struct sockaddr *sap, socklen_t salen)
     }
 
   alarm (0);
-  sprintf (Username, "USER=%s", user);
-  sprintf (Logname, "LOGNAME=%s", user);
+  snprintf (Username, sizeof (Username), "USER=%s", user);
+  snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
   dologin (pw, sap, salen);
   setgid (pw->pw_gid);
 #ifdef HAVE_INITGROUPS

-----------------------------------------------------------------------

Summary of changes:
 src/uucpd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
GNU Inetutils