From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 12 Mar 2017 16:49:45 +0000 (+0100)
Subject: login: prevent OOB read on illegal /etc/hushlogins
X-Git-Tag: v2.30-rc1~196
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b0f97de5a4ab62de55984651a6723acfff6917ae;p=thirdparty%2Futil-linux.git

login: prevent OOB read on illegal /etc/hushlogins

If the file /etc/hushlogins exists and a line starts with '\0', the
login tools are prone to an off-by-one read.

I see no reliability issue with this, as it would clearly need a
hostile action from a system administrator. But for the sake of
correctness, I've sent this patch nonetheless.
---

diff --git a/login-utils/logindefs.c b/login-utils/logindefs.c
index f02c4752db..213ff8d259 100644
--- a/login-utils/logindefs.c
+++ b/login-utils/logindefs.c
@@ -344,7 +344,8 @@ int get_hushlogin_status(struct passwd *pwd, int force_check)
 				continue;	/* ignore errors... */
 
 			while (ok == 0 && fgets(buf, sizeof(buf), f)) {
-				buf[strlen(buf) - 1] = '\0';
+				if (buf[0] != '\0')
+					buf[strlen(buf) - 1] = '\0';
 				ok = !strcmp(buf, *buf == '/' ? pwd->pw_shell :
 								pwd->pw_name);
 			}