From owner-freebsd-bugs@FreeBSD.ORG  Fri May  6 18:18:55 2005
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3F55816A4D4; Fri,  6 May 2005 18:18:55 +0000 (GMT)
Received: from mailout1.pacific.net.au (mailout1.pacific.net.au [61.8.0.84])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 840D543D6E; Fri,  6 May 2005 18:18:54 +0000 (GMT)
	(envelope-from bde@zeta.org.au)
Received: from mailproxy2.pacific.net.au (mailproxy2.pacific.net.au
	[61.8.0.87])j46IIZrI016771;	Sat, 7 May 2005 04:18:35 +1000
Received: from katana.zip.com.au (katana.zip.com.au [61.8.7.246])
	j46IIXRL016382;	Sat, 7 May 2005 04:18:34 +1000
Date: Sat, 7 May 2005 04:18:34 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@delplex.bde.org
To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
In-Reply-To: <20050506092329.47889.qmail@lagoon.freebsd.lublin.pl>
Message-ID: <20050507035852.B12302@delplex.bde.org>
References: <20050506092329.47889.qmail@lagoon.freebsd.lublin.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
cc: freebsd-bugs@FreeBSD.org
cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: bin/80687: [patch] Missing NULL termination after strncpy() in
 login(1)
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 18:18:55 -0000

On Fri, 6 May 2005, Przemyslaw Frasunek wrote:

>> Description:
> 	Similar to bin/80661
>> How-To-Repeat:
> 	N/A
>> Fix:
> --- usr.bin/login/login.c.old   Fri May  6 11:20:19 2005
> +++ usr.bin/login/login.c       Fri May  6 11:20:36 2005
> @@ -512,10 +512,10 @@
>        /* Nothing else left to fail -- really log in. */
>        memset((void *)&utmp, 0, sizeof(utmp));
>        (void)time(&utmp.ut_time);
> -       (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
> +       (void)strlcpy(utmp.ut_name, username, sizeof(utmp.ut_name));
>        if (hostname)
> -               (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
> -       (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
> +               (void)strlcpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
> +       (void)strlcpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
>        login(&utmp);
>
>        dolastlog(quietlog);

The utmp names are apparently not strings, so teminating them just breaks
recording of some names that work now.  Everything (?) uses strn*() to
access these names, so non-strings in them work.  I logged in as a user
with a 16-char username and least the following programs displayed it
correctly:

     w
     who
     last
     ps

The bug seems to be just that the non-stringness of the names is not
documented.

Bruce