If the buffer is smaller than `HOST_NAME_MAX` (64 on Linux but up to
255 bytes in POSIX, which FreeBSD, macOS etc. honor) gethostname()
might return -1 without null-terminating the buffer, causing an
out-of-bounds read.
As we look for the first '.' using `strchr()`, replacing it with a
null byte, we also have a one-byte out-of-bounds write which might
result in a crash or, albeit very unlikely, arbitrary code execution.
(cherry picked from commit aac6348d56f6f3fdba9dd2455ef06081da507c14)
(cherry picked from commit be93bc7da4caddc5a6c84fa7b42e82592e9add49)
return;
if(hostname.empty()) {
- char tmp[80];
+ char tmp[HOST_NAME_MAX+1];
memset(tmp, 0, sizeof(tmp));
- gethostname(tmp, sizeof(tmp));
+ if (gethostname(tmp, sizeof(tmp)) != 0) {
+ throw std::runtime_error("The 'carbon-ourname' setting has not been set and we are unable to determine the system's hostname: " + stringerror());
+ }
char *p = strchr(tmp, '.');
if(p) *p=0;
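Review bot: The call `gethostname(tmp, sizeof(tmp))` still hands the whole buffer to the libc, so the terminator that `memset` provides can be overwritten if an implementation truncates the name without reporting an error. Passing `sizeof(tmp) - 1` would keep the final byte zero before `strchr()` runs, regardless of the return value. It is also worth confirming that `HOST_NAME_MAX` is defined on every platform the commit message names, since the hunk shows no include or fallback definition for it.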