NetBSD-Bugs archive


bin/38201: Potential lack of null termination when copying a string



>Number:         38201
>Category:       bin
>Synopsis:       Potential lack of null termination when copying a string
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Mar 08 19:55:01 +0000 2008
>Originator:     Chris Spiegel
>Release:        netbsd-4-0-RELEASE
>Organization:
>Environment:
Not applicable--found bug porting code to another OS.
>Description:
This is for usr.bin/who/utmpentry.c.

In two places, the wrong object is null-terminated after a strncpy(), resulting 
in a potential lack of null termination.  Patch is included below.
>How-To-Repeat:

>Fix:
diff -ru who/utmpentry.c who.new/utmpentry.c
--- who/utmpentry.c     2006-11-27 08:54:10.000000000 -0800
+++ who.new/utmpentry.c 2008-03-07 17:18:37.819646373 -0800
@@ -277,7 +277,7 @@
        (void)strncpy(e->line, up->ut_line, sizeof(up->ut_line));
        e->line[sizeof(e->line) - 1] = '\0';
        (void)strncpy(e->host, up->ut_host, sizeof(up->ut_host));
-       e->name[sizeof(e->name) - 1] = '\0';
+       e->host[sizeof(e->host) - 1] = '\0';
        e->tv.tv_sec = up->ut_time;
        e->tv.tv_usec = 0;
        e->pid = 0;
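Review bot: the strncpy() into e->host is bounded by sizeof(up->ut_host), the source field, while the corrected terminator is written at sizeof(e->host) - 1, the last byte of the destination. If e->host is larger than up->ut_host and ut_host is completely full, strncpy() adds no NUL, and the bytes between the end of the copy and the last byte of e->host are whatever e already held, so the result is a clean string only if e was zeroed beforehand. If e->host is smaller, the copy overruns it. Please either document the size relationship and the zeroing in a comment or terminate at the copied length. The same applies to the e->line copy two lines above.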
@@ -298,7 +298,7 @@
        (void)strncpy(e->line, up->ut_line, sizeof(up->ut_line));
        e->line[sizeof(e->line) - 1] = '\0';
        (void)strncpy(e->host, up->ut_host, sizeof(up->ut_host));
-       e->name[sizeof(e->name) - 1] = '\0';
+       e->host[sizeof(e->host) - 1] = '\0';
        e->tv = up->ut_tv;
        e->pid = up->ut_pid;
        e->term = up->ut_exit.e_termination;
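Review bot: the removed line `e->name[sizeof(e->name) - 1] = '\0';` is the only e->name terminator visible in this hunk, and the copy into e->name lies above the three context lines shown. Please confirm that the name copy is followed by its own terminator, here and in the block at line 277, since otherwise this change fixes e->host while dropping the write that happened to terminate e->name. Because the same copy-and-terminate sequence appears in both blocks and carried the same typo in each, a small helper that takes the destination and source sizes would keep the two from diverging again.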


