From d00a8d1e94456d45abbb7c94cd846661735277ab Mon Sep 17 00:00:00 2001
From: dholland <dholland@NetBSD.org>
Date: Mon, 29 Jun 2009 23:05:33 +0000
Subject: Fix two serious string-handling bugs (one exploitable, one probably
 exploitable) and also add proper checking/paranoia in several other places.

---
 hack/hack.do_name.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'hack/hack.do_name.c')

diff --git a/hack/hack.do_name.c b/hack/hack.do_name.c
index 21ee4275..303330fd 100644
--- a/hack/hack.do_name.c
+++ b/hack/hack.do_name.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.do_name.c,v 1.9 2009/06/07 20:13:18 dholland Exp $	*/
+/*	$NetBSD: hack.do_name.c,v 1.10 2009/06/29 23:05:33 dholland Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -63,7 +63,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: hack.do_name.c,v 1.9 2009/06/07 20:13:18 dholland Exp $");
+__RCSID("$NetBSD: hack.do_name.c,v 1.10 2009/06/29 23:05:33 dholland Exp $");
 #endif				/* not lint */
 
 #include <stdlib.h>
@@ -279,7 +279,7 @@ xmonnam(struct monst *mtmp, int vb)
 				gn = ghostnames[rn2(SIZE(ghostnames))];
 				if (!rn2(2))
 					(void)
-						strcpy((char *) mtmp->mextra, !rn2(5) ? plname : gn);
+						strlcpy((char *) mtmp->mextra, !rn2(5) ? plname : gn, mtmp->mxlth);
 			}
 			(void) snprintf(buf, sizeof(buf), "%s's ghost", gn);
 		}
-- 
cgit v1.2.3-56-ge451