Use MAXHOSTNAMELEN+1 when allocating host/domain name since some

systems do not include space for the NUL in the size.  Also manually
NUL-terminate buffer from gethostname() since POSIX is wishy-washy on this.

match.c

@@ -793,8 +793,8 @@ netgr_matches(netgr, lhost, shost, user)
 #ifdef HAVE_GETDOMAINNAME
     /* get the domain name (if any) */
     if (!initialized) {
-	domain = (char *) emalloc(MAXHOSTNAMELEN);
+	domain = (char *) emalloc(MAXHOSTNAMELEN + 1);
-	if (getdomainname(domain, MAXHOSTNAMELEN) == -1 || *domain == '\0') {
+	if (getdomainname(domain, MAXHOSTNAMELEN + 1) == -1 || *domain == '\0') {
 	    efree(domain);
 	    domain = NULL;
 	}

sudo.c

@@ -576,7 +576,7 @@ init_vars(sudo_mode, envp)
     int sudo_mode;
     char **envp;
 {
-    char *p, **ep, thost[MAXHOSTNAMELEN];
+    char *p, **ep, thost[MAXHOSTNAMELEN + 1];
     int nohostname;
 
     /* Sanity check command from user. */
@@ -602,6 +602,7 @@ init_vars(sudo_mode, envp)
     if (nohostname)
 	user_host = user_shost = "localhost";
     else {
+	thost[sizeof(thost) - 1] = '\0';
 	user_host = estrdup(thost);
 	if (def_fqdn) {
 	    /* Defer call to set_fqdn() until log_error() is safe. */

testsudoers.c

@@ -129,7 +129,8 @@ main(argc, argv)
     struct cmndspec *cs;
     struct privilege *priv;
     struct userspec *us;
-    char *p, *grfile, *pwfile, *runas_group, *runas_user, hbuf[MAXHOSTNAMELEN];
+    char *p, *grfile, *pwfile, *runas_group, *runas_user;
+    char hbuf[MAXHOSTNAMELEN + 1];
     int ch, dflag, rval, matched;
 #ifdef	YYDEBUG
     extern int yydebug;
@@ -209,6 +210,7 @@ main(argc, argv)
     if (user_host == NULL) {
 	if (gethostname(hbuf, sizeof(hbuf)) != 0)
 	    error(1, "gethostname");
+	hbuf[sizeof(hbuf) - 1] = '\0';
 	user_host = hbuf;
     }
     if ((p = strchr(user_host, '.'))) {