Prevent sscanf() from overflowing its output buffer(s) if the input

string contains a hostname longer than 255 chars.
Truncates silently now - still better than crashing.

usr.sbin/named/nslookup/main.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.3 1998/01/09 08:10:08 perry Exp $	*/
+/*	$NetBSD: main.c,v 1.4 1998/10/15 12:34:21 drochner Exp $	*/
 
 /*
  * ++Copyright++ 1985, 1989
@@ -63,7 +63,7 @@ char copyright[] =
 
 #ifndef lint
 static char sccsid[] = "@(#)main.c	5.42 (Berkeley) 3/3/91";
-static char rcsid[] = "$Id: main.c,v 1.3 1998/01/09 08:10:08 perry Exp $";
+static char rcsid[] = "$Id: main.c,v 1.4 1998/10/15 12:34:21 drochner Exp $";
 #endif /* not lint */
 
 /*
@@ -680,8 +680,8 @@ LookupHost(string, putToFile)
      *	 optional output file name.
      *
      */
+    sscanf(string, " " NAME_LEN_STR, host);	/* removes white space */
 
-    sscanf(string, " %s", host);	/* removes white space */
     if (!putToFile) {
 	filePtr = stdout;
     } else {
@@ -742,7 +742,7 @@ LookupHostWithServer(string, putToFile)
 
     curHostValid = FALSE;
 
-    sscanf(string, " %s %s", host, server);
+    sscanf(string, " " NAME_LEN_STR " " NAME_LEN_STR, host, server);
     if (!putToFile) {
 	filePtr = stdout;
     } else {

usr.sbin/named/nslookup/res.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: res.h,v 1.3 1998/01/09 08:10:10 perry Exp $	*/
+/*	$NetBSD: res.h,v 1.4 1998/10/15 12:34:21 drochner Exp $	*/
 
 /*
  * ++Copyright++ 1985, 1989
@@ -57,7 +57,7 @@
 
 /*
  *	@(#)res.h	5.10 (Berkeley) 6/1/90
- *	$Id: res.h,v 1.3 1998/01/09 08:10:10 perry Exp $
+ *	$Id: res.h,v 1.4 1998/10/15 12:34:21 drochner Exp $
  */
 
 /*
@@ -119,6 +119,7 @@ typedef int Boolean;
  */
 
 #define NAME_LEN 256
+#define NAME_LEN_STR "%255s"	/* for scanf formats */
 
 
 /*