Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/lib/libc/gen/getcap.c,v
retrieving revision 1.33
retrieving revision 1.33.4.2
diff -u -p -r1.33 -r1.33.4.2
--- src/lib/libc/gen/getcap.c	2000/06/02 13:13:07	1.33
+++ src/lib/libc/gen/getcap.c	2002/04/25 04:01:41	1.33.4.2
@@ -1,4 +1,4 @@
-/*	$NetBSD: getcap.c,v 1.33 2000/06/02 13:13:07 itojun Exp $	*/
+/*	$NetBSD: getcap.c,v 1.33.4.2 2002/04/25 04:01:41 nathanw Exp $	*/
 
 /*-
  * Copyright (c) 1992, 1993
@@ -41,7 +41,7 @@
 #if 0
 static char sccsid[] = "@(#)getcap.c	8.3 (Berkeley) 3/25/94";
 #else
-__RCSID("$NetBSD: getcap.c,v 1.33 2000/06/02 13:13:07 itojun Exp $");
+__RCSID("$NetBSD: getcap.c,v 1.33.4.2 2002/04/25 04:01:41 nathanw Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -708,7 +708,10 @@ cgetmatch(buf, name)
 		/*
 		 * Match failed, skip to next name in record.
 		 */
-		bp--;	/* a '|' or ':' may have stopped the match */
+		if (bp > buf)
+			bp--;	/* a '|' or ':' may have stopped the match */
+		else
+			return (-1);
 		for (;;)
 			if (*bp == '\0' || *bp == ':')
 				return (-1);	/* match failed totally */
@@ -819,6 +822,8 @@ cgetnext(bp, db_array)
 		/* 
 		 * Line points to a name line.
 		 */
+		if (len > sizeof(nbuf))
+			return -1;
 		done = 0;
 		np = nbuf;
 		for (;;) {
@@ -850,6 +855,8 @@ cgetnext(bp, db_array)
 					line[len - 1] = '\0';
 			}
 		}
+		if (len > sizeof(buf))
+			return -1;
 		rp = buf;
 		for(cp = nbuf; *cp != '\0'; cp++)
 			if (*cp == '|' || *cp == ':')