From: Karel Zak <kzak@redhat.com>
Date: Thu, 9 Jul 2020 08:10:58 +0000 (+0200)
Subject: last: fix use of non-terminated utmp->ut_line
X-Git-Tag: v2.36-rc2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=10a0a9cbc567cd4d70e43b5d15f3764b7d21dbc2;p=thirdparty%2Futil-linux.git

last: fix use of non-terminated utmp->ut_line

Addresses: https://github.com/karelzak/util-linux/pull/1097
Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/login-utils/last.c b/login-utils/last.c
index 77c5e1b47f..9d71ba4435 100644
--- a/login-utils/last.c
+++ b/login-utils/last.c
@@ -612,7 +612,7 @@ static int is_phantom(const struct last_control *ctl, struct utmpx *ut)
 	pw = getpwnam(ut->ut_user);
 	if (!pw)
 		return 1;
-	sprintf(path, "/proc/%u/loginuid", ut->ut_pid);
+	snprintf(path, sizeof(path), "/proc/%u/loginuid", ut->ut_pid);
 	if (access(path, R_OK) == 0) {
 		unsigned int loginuid;
 		FILE *f = NULL;
@@ -626,8 +626,11 @@ static int is_phantom(const struct last_control *ctl, struct utmpx *ut)
 			return 1;
 	} else {
 		struct stat st;
+		char utline[sizeof(ut->ut_line) + 1];
 
-		sprintf(path, "/dev/%s", ut->ut_line);
+		mem2strcpy(utline, ut->ut_line, sizeof(ut->ut_line), sizeof(utline));
+
+		snprintf(path, sizeof(path), "/dev/%s", utline);
 		if (stat(path, &st))
 			return 1;
 		if (pw->pw_uid != st.st_uid)