bin/80687: [patch] Missing NULL termination after strncpy() in login(1)

Bruce Evans bde at zeta.org.au
Fri May 6 11:18:55 PDT 2005


On Fri, 6 May 2005, Przemyslaw Frasunek wrote:

>> Description:
> 	Similar to bin/80661
>> How-To-Repeat:
> 	N/A
>> Fix:
> --- usr.bin/login/login.c.old   Fri May  6 11:20:19 2005
> +++ usr.bin/login/login.c       Fri May  6 11:20:36 2005
> @@ -512,10 +512,10 @@
>        /* Nothing else left to fail -- really log in. */
>        memset((void *)&utmp, 0, sizeof(utmp));
>        (void)time(&utmp.ut_time);
> -       (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
> +       (void)strlcpy(utmp.ut_name, username, sizeof(utmp.ut_name));
>        if (hostname)
> -               (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
> -       (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
> +               (void)strlcpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
> +       (void)strlcpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
>        login(&utmp);
>
>        dolastlog(quietlog);
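Review bot: the three strlcpy() calls on ut_name, ut_host and ut_line copy at most sizeof(field) - 1 bytes, so a value that exactly fills a field loses its last character, where the strncpy() calls they replace stored it whole. The memset() at the top of the hunk already zero-pads every shorter value, and strncpy() bounded by sizeof(field) cannot write past the array, so the remaining question is whether readers of these fields expect a terminating NUL. If they read with bounded strn*() calls, keep strncpy() and add a comment saying that the fields are fixed-width and not NUL-terminated.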

The utmp names are apparently not strings, so terminating them just breaks
recording of some names that work now.  Everything (?) uses strn*() to
access these names, so non-strings in them work.  I logged in as a user
with a 16-char username and at least the following programs displayed it
correctly:

     w
     who
     last
     ps

The bug seems to be just that the non-stringness of the names is not
documented.

Bruce
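
An added example, not part of the original message or of the FreeBSD source: it fills a fixed-width name field with strncpy() and with a strlcpy()-style copy and reads it back with a bounded length check. The struct, the 16-byte width (taken from the 16-char username in the reply), the sample name and the demo_strlcpy() stand-in are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_NAMESIZE 16  /* assumed field width, from the 16-char name in the reply */

/* Constructed stand-in for the record; not the system's struct utmp. */
struct demo_utmp {
    char ut_name[DEMO_NAMESIZE];  /* fixed-width, NUL-padded, not a C string */
};

/* Local copy with strlcpy() semantics, so this builds where libc lacks strlcpy(). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Bounded read of a fixed-width field: never looks past the array. */
static size_t field_len(const char *field, size_t width)
{
    const char *nul = memchr(field, '\0', width);
    return nul ? (size_t)(nul - field) : width;
}

/* Store `name` in the field either way and return how many bytes were recorded. */
size_t recorded_len(const char *name, int use_strlcpy)
{
    struct demo_utmp u;
    memset(&u, 0, sizeof(u));
    if (use_strlcpy)
        demo_strlcpy(u.ut_name, name, sizeof(u.ut_name));
    else
        strncpy(u.ut_name, name, sizeof(u.ut_name));  /* fills all 16 bytes, no NUL */
    return field_len(u.ut_name, sizeof(u.ut_name));
}

int main(void)
{
    const char *name = "sixteencharuser1";  /* constructed 16-character name */
    struct demo_utmp u;
    memset(&u, 0, sizeof(u));
    strncpy(u.ut_name, name, sizeof(u.ut_name));
    /* Readers must bound the read, e.g. with a precision on %s. */
    printf("field:   %.*s\n", (int)sizeof(u.ut_name), u.ut_name);
    printf("strncpy: %zu bytes kept\n", recorded_len(name, 0));
    printf("strlcpy: %zu bytes kept\n", recorded_len(name, 1));
    return 0;
}
```
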

