From b1f7f0c63370d447adb8d1b188beed65777fe232 Mon Sep 17 00:00:00 2001
From: Fritz Elfert
Date: Thu, 11 Jul 2002 17:15:53 +0000
Subject: - Fixed a possible exploit when using telnet (or any other network client) connecting to ncpd.
---
 ncpd/socketchan.cc | 7 +++++++
 1 file changed, 7 insertions(+) (limited to 'ncpd')
diff --git a/ncpd/socketchan.cc b/ncpd/socketchan.cc
index 407464a..371befd 100644
--- a/ncpd/socketchan.cc
+++ b/ncpd/socketchan.cc
@@ -207,6 +207,13 @@ socketPoll()
 //
 // All commands begin with "NCP$".
+ if (memchr(a.getString(), 0, a.getLen()) == 0) {
+ // Not 0 terminated, -> invalid
+ cerr << "ncpd: command " << a << " unrecognized."
+ << endl;
+ return;
+ }
+
 // There is a magic process name called "NCP$INFO.*"
 // which is announced by the rfsvfactory. This causes a
 // response to be issued containing the NCP version
--
cgit v1.2.3
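Review bot: The rejection branch streams the very buffer it has just found to be unterminated, `cerr << "ncpd: command " << a << " unrecognized."`, so its safety depends on how `operator<<` for a's type walks the data, which is not visible in this hunk. If that operator is bounded by getLen(), what remains is a log-hygiene matter, since raw bytes from a network peer are written to stderr. If it reads the data as a C string, the error path repeats the over-read the memchr check is there to stop. Logging the size instead avoids both: `cerr << "ncpd: unterminated command (" << a.getLen() << " bytes) rejected." << endl;`. The added comment could also name which later string calls rely on the terminator, because socketPoll's body starts and ends outside the hunk.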