On 22/11/14 08:34, Joshua Rogers wrote:
Hi,
I've noticed a few off-by-one issues in login-utils..
login.c:963: strncpy(ut.ut_user, username, sizeof(ut.ut_user));
It should be sizeof(ut.ut_user) - 1.
Or, something like
ut.ut_user[sizeof(ut.ut_user) -1] = '\0';
And on line 275:
memset(&ut, 0, sizeof(ut));
strncpy(ut.ut_user, username ? username : "(unknown)",
sizeof(ut.ut_user));
I can't see anywhere that adds the final NUL-byte to ut.ut_user.
If I've missed something though, feel free to ignore this.
Thanks,
It's not needed. The reader of utmp(5) shall read up to
sizeof(ut.ut_user) bytes.
From utmp(5):
String fields are terminated by a null byte ('\0') if they are
shorter than the size of the field.
Thus it is allowed to have non-NUL-terminated fields on the file.
--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
