summary: Local hostname resolution buffer overflow
discoveredBy: Sean (infamous42md)
Buffer overflow. If the local computer's host name is not in /etc/hosts, and
the computer performs a DNS query to obtain its hostname when signing on to
zephyr, it could receive a reply with a hostname greater than `MAXHOSTNAMELEN`
(generally 64 bytes). If `gethostbyname()`
does not ensure the size of
is less than `MAXHOSTNAMELEN`
, this value would be copied to
a buffer that is not large enough.
The calls to copy the hostname were replaced with calls that check the length
of the destination buffer.