[PATCH] login: prevent OOB read on illegal /etc/hushlogins

If the file /etc/hushlogins exists and a line starts with '\0', the
login tools are prone to an off-by-one read.

I see no reliability issue with this, as it would clearly need a
hostile action from a system administrator. But for the sake of
correctness, I've sent this patch nonetheless.
---
 login-utils/logindefs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/login-utils/logindefs.c b/login-utils/logindefs.c
index f02c4752d..213ff8d25 100644
--- a/login-utils/logindefs.c
+++ b/login-utils/logindefs.c
@@ -344,7 +344,8 @@ int get_hushlogin_status(struct passwd *pwd, int force_check)
 				continue;	/* ignore errors... */
 
 			while (ok == 0 && fgets(buf, sizeof(buf), f)) {
-				buf[strlen(buf) - 1] = '\0';
+				if (buf[0] != '\0')
+					buf[strlen(buf) - 1] = '\0';
 				ok = !strcmp(buf, *buf == '/' ? pwd->pw_shell :
 								pwd->pw_name);
 			}
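Review bot: the new guard only covers the empty-string case; the unconditional `buf[strlen(buf) - 1] = '\0'` still assumes every line read by `fgets()` ends in '\n', so a final line with no trailing newline, or a line longer than `sizeof(buf)` that `fgets()` truncated, loses its last real character before the `strcmp()` against `pwd->pw_shell` / `pwd->pw_name`. Replacing the two added lines with `buf[strcspn(buf, "\n")] = '\0';` handles both cases: for a NUL first byte `strcspn()` returns 0 and the store hits the existing terminator, and for a line without '\n' nothing is chopped. Also, the removed line writes a NUL to `buf[-1]` when `strlen(buf)` is 0, so the subject and description should describe this as a one-byte out-of-bounds write rather than a read.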
-- 
2.12.0

--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html