| Summary | Local hostname resolution buffer overflow |
|---|---|
| Date | 2004-08-26 |
| CVE Number | CVE-2004-0785 |
| Discovered By | Sean (infamous42md) |
| Fixed In Release | 0.82 |

A buffer overflow exists in local hostname resolution. If the local computer’s host name is not in /etc/hosts, and the computer performs a DNS query to obtain its hostname when signing on to zephyr, it could receive a reply with a hostname longer than MAXHOSTNAMELEN (generally 64 bytes). If gethostbyname() does not ensure that hostent->h_name is shorter than MAXHOSTNAMELEN, this value would be copied into a buffer that is not large enough to hold it.

The calls to copy the hostname were replaced with calls that check the length of the destination buffer.
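
The kind of length-checked copy described above, as an added example that is not the project's actual patch. The names `copy_hostname` and `demo_oversized_reply` are hypothetical, the oversized name is constructed, and rejecting a too-long name instead of truncating it is a choice made for this example.

```c
#include <stdio.h>
#include <string.h>

#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64   /* typical value, as the advisory notes */
#endif

/* Unsafe pattern, shown for contrast only and never compiled here:
 *     char host[MAXHOSTNAMELEN];
 *     strcpy(host, hent->h_name);   // length is chosen by the DNS reply
 */

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 on NULL input or a name that does not fit.
 * On failure dst holds an empty string, never a partial hostname. */
int copy_hostname(char *dst, size_t dstlen, const char *src)
{
    const char *end;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;

    /* Look for the terminator within the first dstlen bytes only. */
    end = memchr(src, '\0', dstlen);
    if (end == NULL)
        return -1;          /* name plus terminator exceeds the buffer */

    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Constructed input: a 300-byte name standing in for an oversized h_name. */
int demo_oversized_reply(void)
{
    char reply[301];
    char host[MAXHOSTNAMELEN];

    memset(reply, 'a', sizeof reply - 1);
    reply[sizeof reply - 1] = '\0';
    return copy_hostname(host, sizeof host, reply);
}

int main(void)
{
    printf("oversized reply -> %d\n", demo_oversized_reply());
    return 0;
}
```

Truncating instead of rejecting would also prevent the overflow, but a shortened hostname can name a different host, so the caller then has to decide whether that is acceptable.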