$OpenBSD: patch-attach_c,v 1.2 2012/07/18 11:15:30 jasper Exp $

Last chunk:
Security fix for CVE-2012-3368
Memory portion (random stack data) disclosure to the client by unclean client disconnect 

Patch from upstream CVS.

--- attach.c.orig	Thu Jan 31 06:59:54 2008
+++ attach.c	Wed Jul 18 13:13:39 2012
@@ -56,7 +56,7 @@ connect_socket(char *name)
 	if (s < 0)
 		return -1;
 	sockun.sun_family = AF_UNIX;
-	strcpy(sockun.sun_path, name);
+	strlcpy(sockun.sun_path, name, sizeof(sockun.sun_path));
 	if (connect(s, (struct sockaddr*)&sockun, sizeof(sockun)) < 0)
 	{
 		close(s);
@@ -237,12 +237,15 @@ attach_main(int noerror)
 		/* stdin activity */
 		if (n > 0 && FD_ISSET(0, &readfds))
 		{
+			ssize_t len;
+
 			pkt.type = MSG_PUSH;
 			memset(pkt.u.buf, 0, sizeof(pkt.u.buf));
-			pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
+			len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
 
-			if (pkt.len <= 0)
+			if (len <= 0)
 				exit(1);
+			pkt.len = len;
 			process_kbd(s, &pkt);
 			n--;
 		}
