8 Commits

Author SHA1 Message Date
itojun 89b1e287f7 find_user() in process.c does an unbounded copy into a destination
buffer that is smaller in size than the source buffer.

also, there is no guarantee that any of the string components of
the request packet are null terminated.

in some cases, not all elements of the response buffer are
explicitly set. specifically pad and addr. a talk client can spy to
see which host is talking to which host by sending out regular
packets, to which talkd responds without clearing the addr element.

from xs@kittenz.org
2002-09-19 14:39:51 +00:00
christos 7d62d2a173 utmpx support 2002-08-20 13:56:50 +00:00
mrg 687403aa7a - clean up some more cruft
- support "talkd -l" for extra (syslog(3)) logging
- fix error in previous announce.c change
- use getopt
- add (missing) -d and -l descriptions to man page
1998-07-04 19:31:05 +00:00
mrg 750ef3b29d - use S_IWGRP over 020
- KNF
- ensure we don't overflow a buffer (don't think it would anyway).
- favour snprintf over sprintf (and varargs versions)
1998-07-03 11:54:08 +00:00
christos 30b8660384 - use ttymsg from libutil
- clean warnings
- PR/3778: Eric Fischer: talkd should find the least idle terminal
1997-06-29 19:13:01 +00:00
christos 5a6c78298f Merge in lite-2 1997-06-29 18:01:12 +00:00
mycroft e9d867ef50 Add RCS identifiers. 1993-08-01 17:54:45 +00:00
cgd 61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00