Date: Fri, 6 May 2005 18:20:07 GMT From: Bruce Evans <bde@zeta.org.au> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/80687: [patch] Missing NULL termination after strncpy() in login(1) Message-ID: <200505061820.j46IK7Kr028639@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/80687; it has been noted by GNATS.
From: Bruce Evans <bde@zeta.org.au>
To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Cc: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: bin/80687: [patch] Missing NULL termination after strncpy() in
login(1)
Date: Sat, 7 May 2005 04:18:34 +1000 (EST)
On Fri, 6 May 2005, Przemyslaw Frasunek wrote:
>> Description:
> Similar to bin/80661
>> How-To-Repeat:
> N/A
>> Fix:
> --- usr.bin/login/login.c.old Fri May 6 11:20:19 2005
> +++ usr.bin/login/login.c Fri May 6 11:20:36 2005
> @@ -512,10 +512,10 @@
> /* Nothing else left to fail -- really log in. */
> memset((void *)&utmp, 0, sizeof(utmp));
> (void)time(&utmp.ut_time);
> - (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
> + (void)strlcpy(utmp.ut_name, username, sizeof(utmp.ut_name));
> if (hostname)
> - (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
> - (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
> + (void)strlcpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
> + (void)strlcpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
> login(&utmp);
>
> dolastlog(quietlog);
The utmp names are apparently not strings, so teminating them just breaks
recording of some names that work now. Everything (?) uses strn*() to
access these names, so non-strings in them work. I logged in as a user
with a 16-char username and least the following programs displayed it
correctly:
w
who
last
ps
The bug seems to be just that the non-stringness of the names is not
documented.
Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505061820.j46IK7Kr028639>