bin/80687: [patch] Missing NULL termination after strncpy() in
login(1)
Przemyslaw Frasunek
venglin at freebsd.lublin.pl
Fri May 6 02:30:01 PDT 2005
>Number: 80687
>Category: bin
>Synopsis: [patch] Missing NULL termination after strncpy() in login(1)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri May 06 09:30:00 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Przemyslaw Frasunek
>Release: FreeBSD 4.11-STABLE i386
>Organization:
czuby.net
>Environment:
System: FreeBSD lagoon.freebsd.lublin.pl 4.11-STABLE FreeBSD 4.11-STABLE #0: Tue Feb 8 12:36:09 CET 2005 root at riget.scene.pl:/usr/src/sys/compile/RIGET i386
>Description:
Similar to bin/80661
>How-To-Repeat:
N/A
>Fix:
--- usr.bin/login/login.c.old Fri May 6 11:20:19 2005
+++ usr.bin/login/login.c Fri May 6 11:20:36 2005
@@ -512,10 +512,10 @@
/* Nothing else left to fail -- really log in. */
memset((void *)&utmp, 0, sizeof(utmp));
(void)time(&utmp.ut_time);
- (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
+ (void)strlcpy(utmp.ut_name, username, sizeof(utmp.ut_name));
if (hostname)
- (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
- (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
+ (void)strlcpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
+ (void)strlcpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
login(&utmp);
dolastlog(quietlog);
@@ -1015,9 +1015,9 @@
}
memset((void *)&ll, 0, sizeof(ll));
(void)time(&ll.ll_time);
- (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
+ (void)strlcpy(ll.ll_line, tty, sizeof(ll.ll_line));
if (hostname)
- (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));+ (void)strlcpy(ll.ll_host, hostname, sizeof(ll.ll_host)); (void)write(fd, (char *)&ll, sizeof(ll));
(void)close(fd);
} else {
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list