- (djm) [loginrec.c] Check for username truncation when looking up lastlog

   entries

diff --git a/ChangeLog b/ChangeLog
index 017c05a73167a7b168b3cfd6b37c07ab876a3a79..b8108d92f22831a1a86962d3219219415d0b0b23 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20131229
+ - (djm) [loginrec.c] Check for username truncation when looking up lastlog
+   entries
+
 20131221
  - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
 

diff --git a/loginrec.c b/loginrec.c
index 59e8a44eeeeb33368baf2623205f6810b6b88b27..8844db5402fe4f02828b17a80a981d7abccfc275 100644 (file)
--- a/loginrec.c
+++ b/loginrec.c
@@ -310,9 +310,12 @@ login_get_lastlog(struct logininfo *li, const uid_t uid)
                fatal("%s: Cannot find account for uid %ld", __func__,
                    (long)uid);
 
-       /* No MIN_SIZEOF here - we absolutely *must not* truncate the
-        * username (XXX - so check for trunc!) */
-       strlcpy(li->username, pw->pw_name, sizeof(li->username));
+       if (strlcpy(li->username, pw->pw_name, sizeof(li->username)) >=
+           sizeof(li->username)) {
+               error("%s: username too long (%lu > max %lu)", __func__,
+                   strlen(pw->pw_name), sizeof(li->username) - 1);
+               return NULL;
+       }
 
        if (getlast_entry(li))
                return (li);
@@ -320,7 +323,6 @@ login_get_lastlog(struct logininfo *li, const uid_t uid)
                return (NULL);
 }
 
-
 /*
  * login_alloc_entry(int, char*, char*, char*)    - Allocate and initialise
  *                                                  a logininfo structure