bin/80687: [patch] Missing NULL termination after strncpy() in
login(1)
Bruce Evans
bde at zeta.org.au
Fri May 6 11:20:08 PDT 2005
The following reply was made to PR bin/80687; it has been noted by GNATS.
From: Bruce Evans <bde at zeta.org.au>
To: Przemyslaw Frasunek <venglin at freebsd.lublin.pl>
Cc: FreeBSD-gnats-submit at FreeBSD.org, freebsd-bugs at FreeBSD.org
Subject: Re: bin/80687: [patch] Missing NULL termination after strncpy() in
login(1)
Date: Sat, 7 May 2005 04:18:34 +1000 (EST)
On Fri, 6 May 2005, Przemyslaw Frasunek wrote:
>> Description:
> Similar to bin/80661
>> How-To-Repeat:
> N/A
>> Fix:
> --- usr.bin/login/login.c.old Fri May 6 11:20:19 2005
> +++ usr.bin/login/login.c Fri May 6 11:20:36 2005
> @@ -512,10 +512,10 @@
> /* Nothing else left to fail -- really log in. */
> memset((void *)&utmp, 0, sizeof(utmp));
> (void)time(&utmp.ut_time);
> - (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
> + (void)strlcpy(utmp.ut_name, username, sizeof(utmp.ut_name));
> if (hostname)
> - (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
> - (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
> + (void)strlcpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
> + (void)strlcpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
> login(&utmp);
>
> dolastlog(quietlog);
The utmp names are apparently not strings, so teminating them just breaks
recording of some names that work now. Everything (?) uses strn*() to
access these names, so non-strings in them work. I logged in as a user
with a 16-char username and least the following programs displayed it
correctly:
w
who
last
ps
The bug seems to be just that the non-stringness of the names is not
documented.
Bruce
More information about the freebsd-bugs
mailing list