From 6cd0043221b31a344db8f5dcb82822a2519a2e74 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 7 Feb 2022 13:34:43 +0100
Subject: [PATCH] last: don't assume zero terminate strings

Detected by fuzzer and AddressSanitizer. The utmp strings do not
have to be zero terminated.

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 login-utils/last.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/login-utils/last.c b/login-utils/last.c
index c7aec4c116..84629278e5 100644
--- a/login-utils/last.c
+++ b/login-utils/last.c
@@ -757,7 +757,7 @@ static void process_wtmp_file(const struct last_control *ctl,
 		else {
 			if (ut.ut_type != DEAD_PROCESS &&
 			    ut.ut_user[0] && ut.ut_line[0] &&
-			    strcmp(ut.ut_user, "LOGIN") != 0)
+			    strncmp(ut.ut_user, "LOGIN", 5) != 0)
 				ut.ut_type = USER_PROCESS;
 			/*
 			 * Even worse, applications that write ghost
@@ -770,7 +770,7 @@ static void process_wtmp_file(const struct last_control *ctl,
 			/*
 			 * Clock changes.
 			 */
-			if (strcmp(ut.ut_user, "date") == 0) {
+			if (strncmp(ut.ut_user, "date", 4) == 0) {
 				if (ut.ut_line[0] == '|')
 					ut.ut_type = OLD_TIME;
 				if (ut.ut_line[0] == '{')
-- 
2.47.2