Bug 14978

Summary: [MFC] lprm(1) does not kill active daemon if hostname is too long
Product: Base System Reporter: Tatsuya Kudoh <cdr>
Component: binAssignee: Garance A Drosehn <gad>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 2.2.8-RELEASE   
Hardware: Any   
OS: Any   

Description Tatsuya Kudoh 1999-11-18 15:50:00 UTC 
When hostname is too long, lprm(1) fails to judge if the job is active or
inactive. As a result, active daemon and filter process executed by daemon
are not terminated.

The cause is that a spool file that has over 39 characters-length filename
causes buffer-overflow.

Fix: 

At easy way,
/usr/src/usr.sbin/lpr/common_source/rmjob.c, line 66:

static char     current[40];            /* active control file name */

Make this array more big. I changed this size to 256.

( In FreeBSD 3.2, this array is at line 72.
  But I don't know if this problem happens in FreeBSD 3.x.)
How-To-Repeat: 
Use long and long hostname.
(I use 35 characters length hostname.)
Comment 1 Garance A Drosehn freebsd_committer freebsd_triage 2000-11-05 03:27:21 UTC 
State Changed
From-To: open->suspended

I have applied a patch to current which is similar to the one suggested 
here, and which should fix the reported problem.  Patch is awaiting MFC.
Comment 2 Garance A Drosehn freebsd_committer freebsd_triage 2000-11-05 03:27:21 UTC 
Responsible Changed
From-To: freebsd-bugs->gad

I'm trying to take care of lpr-related PR's.
Comment 3 Garance A Drosehn freebsd_committer freebsd_triage 2000-12-27 17:09:55 UTC 
State Changed
From-To: suspended->closed

Fix has been applied on both -current (5.x) and -stable (post 4.2)