From a0b03ac8703b74e25793f11da348cc8f7804185d Mon Sep 17 00:00:00 2001 From: Petar Kapris Date: Thu, 17 Dec 2020 22:08:34 +0100 Subject: [PATCH] Fix length of user and host in check_idle() The username and hostname in a utmp entry are not guaranteed to be NUL terminated. Specifically, if a user's name is exactly UT_NAMESIZE (32 on most systems today), the last character will not in fact be NUL. This creates a problem in the line 866 for example, where strncpy is used to copy all but the last byte of the utmp username in user. This will cause an error in the specific case where strlen(utmpp->ut_user) = UT_NAMESIZE. The solution is to simply make user and host one byte longer, thereby letting them have a place for the terminating NUL, after this, they can be treated as regular strings without any error or extra precaution. --- timeoutd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/timeoutd.c b/timeoutd.c index c684da5..841ad90 100644 --- a/timeoutd.c +++ b/timeoutd.c @@ -850,8 +850,8 @@ int session; void check_idle() { /* Check for exceeded time limits & logoff exceeders */ - char user[sizeof(utmpp->ut_user)]; - char host[sizeof(utmpp->ut_host)]; + char user[sizeof(utmpp->ut_user) + 1]; + char host[sizeof(utmpp->ut_host) + 1]; struct stat status, *pstat; time_t idle, sesstime; short aktconfigline = -1; /* -1 if user is in config; >0 if he's not in config, * is handled in an other way */
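
Review bot: The two enlarged declarations at the top of check_idle() leave user and host uninitialized, so the extra byte is only a terminator if something writes a NUL into it, and this patch does not touch the strncpy call the commit message points to at line 866. strncpy does not append a NUL when the source fills the whole count, which is exactly the strlen(utmpp->ut_user) = UT_NAMESIZE case described in the message. Suggest either zero-initializing the buffers (char user[sizeof(utmpp->ut_user) + 1] = {0};) or setting user[sizeof(utmpp->ut_user)] = '\0' and host[sizeof(utmpp->ut_host)] = '\0' right after each copy, and confirming that each copy length is the full field size, sizeof(utmpp->ut_user) or sizeof(utmpp->ut_host), rather than one byte short of it. A short comment on the declarations saying that ut_user and ut_host may be unterminated would also explain the + 1 to the next reader.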