- Fix buffer overrun in login.c for systems which use syslen in utmpx.

   patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>

diff --git a/ChangeLog b/ChangeLog
index a79bb19c90966fceb0e7fdd2048c6cdcf660ad0b..3037eac38a7eb869caf78bcf6b65a51b96951a01 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 20000530
  - Define atexit for old Solaris
+ - Fix buffer overrun in login.c for systems which use syslen in utmpx.
+   patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
 
 20000520
  - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>

diff --git a/login.c b/login.c
index 49853bdc29870b4cd342476819d932e175a6dab1..6749a15568b877094b917957f91e6f61b866d592 100644 (file)
--- a/login.c
+++ b/login.c
@@ -18,7 +18,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: login.c,v 1.27 2000/05/17 12:00:03 damien Exp $");
+RCSID("$Id: login.c,v 1.28 2000/05/30 03:12:46 damien Exp $");
 
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 # include <utmpx.h>
@@ -217,10 +217,13 @@ record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
 # ifdef HAVE_HOST_IN_UTMPX
 #  ifdef HAVE_SYSLEN_IN_UTMPX
        utx.ut_syslen = strlen(host);
+       if (utx.ut_syslen + 1 > sizeof(utx.ut_host))
+               utx.ut_syslen = sizeof(utx.ut_host);
        strncpy(utx.ut_host, host, utx.ut_syslen);
 #  else
        strncpy(utx.ut_host, host, sizeof(utx.ut_host));
 #  endif /* HAVE_SYSLEN_IN_UTMPX */
+       utx.ut_host[sizeof(utx.ut_host)-1] = '\0';
 # endif
 #if defined(HAVE_ADDR_IN_UTMPX)
        if (addr) {