From: Sami Kerola <kerolasa@iki.fi>
Date: Sun, 13 Jan 2019 19:48:59 +0000 (+0000)
Subject: last: fix wtmp user name buffer overflow [asan]
X-Git-Tag: v2.33.2~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aa14d687ac401f9c313190793d657218c0d0405a;hp=3e3b276c87b9bbf6017d4f4fd738877ffaeff610;p=thirdparty%2Futil-linux.git

last: fix wtmp user name buffer overflow [asan]

Ensure utmp user name field is null terminated.  Without that getpwnam() can
buffer overflow, when wtmp file is malformed.

Addresses: https://github.com/karelzak/util-linux/issues/715
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---

diff --git a/login-utils/last.c b/login-utils/last.c
index 6b25efd4c6..be744b0791 100644
--- a/login-utils/last.c
+++ b/login-utils/last.c
@@ -600,6 +600,7 @@ static int is_phantom(const struct last_control *ctl, struct utmpx *ut)
 
 	if (ut->ut_tv.tv_sec < ctl->boot_time.tv_sec)
 		return 1;
+	ut->ut_user[__UT_NAMESIZE - 1] = '\0';
 	pw = getpwnam(ut->ut_user);
 	if (!pw)
 		return 1;