NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
bin/38201: Potential lack of null termination when copying a string
>Number: 38201
>Category: bin
>Synopsis: Potential lack of null termination when copying a string
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 08 19:55:01 +0000 2008
>Originator: Chris Spiegel
>Release: netbsd-4-0-RELEASE
>Organization:
>Environment:
Not applicable--found bug porting code to another OS.
>Description:
This is for usr.bin/who/utmpentry.c.
In two places, the wrong object is null-terminated after a strncpy(), resulting
in a potential lack of null termination. Patch is included below.
>How-To-Repeat:
>Fix:
diff -ru who/utmpentry.c who.new/utmpentry.c
--- who/utmpentry.c 2006-11-27 08:54:10.000000000 -0800
+++ who.new/utmpentry.c 2008-03-07 17:18:37.819646373 -0800
@@ -277,7 +277,7 @@
(void)strncpy(e->line, up->ut_line, sizeof(up->ut_line));
e->line[sizeof(e->line) - 1] = '\0';
(void)strncpy(e->host, up->ut_host, sizeof(up->ut_host));
- e->name[sizeof(e->name) - 1] = '\0';
+ e->host[sizeof(e->host) - 1] = '\0';
e->tv.tv_sec = up->ut_time;
e->tv.tv_usec = 0;
e->pid = 0;
@@ -298,7 +298,7 @@
(void)strncpy(e->line, up->ut_line, sizeof(up->ut_line));
e->line[sizeof(e->line) - 1] = '\0';
(void)strncpy(e->host, up->ut_host, sizeof(up->ut_host));
- e->name[sizeof(e->name) - 1] = '\0';
+ e->host[sizeof(e->host) - 1] = '\0';
e->tv = up->ut_tv;
e->pid = up->ut_pid;
e->term = up->ut_exit.e_termination;
Home |
Main Index |
Thread Index |
Old Index