summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-03-28 23:19:19 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-03-28 23:24:55 -0400
commit268888765352e4dcf07e40917fef6ab41b7deba1 (patch)
treed8f121440e794a9f9df44493369367eaedf1456d
parentc8c9c69f390ea9cf8e700515757d18fc08d8c4fe (diff)
utmp-wtmp: don't try to read past end of string
systemd-199/src/shared/utmp-wtmp.c:228: buffer_size_warning: Calling strncpy with a maximum size argument of 32 bytes on destination array "store.ut_line" of size 32 bytes might leave the destination string unterminated. The destination string is unterminated on purpose, but we must remember that.
-rw-r--r--src/shared/utmp-wtmp.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c
index 046fb584fb..8717dbac2d 100644
--- a/src/shared/utmp-wtmp.c
+++ b/src/shared/utmp-wtmp.c
@@ -403,10 +403,12 @@ int utmp_wall(const char *message, bool (*match_tty)(const char *tty)) {
if (u->ut_type != USER_PROCESS || u->ut_user[0] == 0)
continue;
+ /* this access is fine, because strlen("/dev/") << 32 (UT_LINESIZE) */
if (path_startswith(u->ut_line, "/dev/"))
path = u->ut_line;
else {
- if (asprintf(&buf, "/dev/%s", u->ut_line) < 0) {
+ if (asprintf(&buf, "/dev/%.*s",
+ sizeof(u->ut_line), u->ut_line) < 0) {
r = -ENOMEM;
goto finish;
}