Bug 16186

Summary: [MFC] [PATCH] Insecure use of strncpy() and strcpy() in lpr(1)
Product: Base System Reporter: venglin <venglin>
Component: binAssignee: Garance A Drosehn <gad>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.4-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description venglin 2000-01-18 19:10:02 UTC 
	1. Possible strcpy() buffer overflow in printjob.c:823
	2. No room for NULL termination in printjob.c:825, printjob.c:827,
	   printjob.c:836.
Comment 1 gad 2000-01-25 00:57:40 UTC 
In looking over printjob.c in freebsd-current, it looks like someone
already made the changes suggested by this PR.  Those changes were
done around Nov 30th, and they probably did not make it into the
3.4-stable system which this PR is referencing.

(maybe this should be added to 3.x branch too?  I didn't check to see
if it's already there, I only looked at 'current')

---
Garance Alistair Drosehn     =     gad@eclipse.acs.rpi.edu
Senior Systems Programmer        (MIME & NeXTmail capable)
Rensselaer Polytechnic Institute;           Troy NY    USA
Comment 2 Garance A Drosehn freebsd_committer freebsd_triage 2000-11-15 04:57:48 UTC 
State Changed
From-To: open->suspended

Most of this patch had already been done, but two one-line fixes had not 
been.  I've added those fixes to current, and the change is awaiting MFC.
Comment 3 Garance A Drosehn freebsd_committer freebsd_triage 2000-11-15 04:57:48 UTC 
Responsible Changed
From-To: freebsd-bugs->gad@FreeBSD.org

Because I'm trying to clean out PR's for lpr & friends.
Comment 4 Garance A Drosehn freebsd_committer freebsd_triage 2000-12-27 17:18:05 UTC 
State Changed
From-To: suspended->closed

Fix has been applied on both -current (5.x) and -stable (post 4.2)