kayprish/timeoutd
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Fix length of user and host in check_idle()

Browse source 
The username and hostname in a utmp entry is not guarranteed to be NUL
terminated. Specifically, if a user's name is exactly UT_NAMESIZE (32 on
most systems today), the last character will not in fact be NUL. This
creates a problem in the line 866 for example, where strncpy is used to
copy all but the last byte of the utmp username in user. This will cause
an error in the specific case where strlen(utmpp->ut_user) =
UT_NAMESIZE.

The solution is to simply make user and host one byte longer, thereby
letting them have a place for the terminating NUL, after this, they can
be treated as regular strings without any error or extra precaution.
This commit is contained in:
Petar Kapris 2020-12-17 22:08:34 +01:00
parent c272cf17db
commit a0b03ac870
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
timeoutd.c
View file

@ -850,8 +850,8 @@ int session;
void check_idle()
{ /* Check for exceeded time limits & logoff exceeders */
char user[sizeof(utmpp->ut_user)];
char host[sizeof(utmpp->ut_host)];
char user[sizeof(utmpp->ut_user) + 1];
char host[sizeof(utmpp->ut_host) + 1];
struct stat status, *pstat;
time_t idle, sesstime;
short aktconfigline = -1; /* -1 if user is in config; >0 if he's not in config, * is handled in an other way */