From c252e2efa1d5171d8cd8c4d452c30f7e86ed2360 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 30 May 2000 13:12:46 +1000
Subject: [PATCH]  - Fix buffer overrun in login.c for systems which use syslen
 in utmpx.    patch from YOSHIFUJI Hideaki
 <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>

---
 ChangeLog | 2 ++
 login.c   | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index a79bb19c9..3037eac38 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 20000530
  - Define atexit for old Solaris
+ - Fix buffer overrun in login.c for systems which use syslen in utmpx.
+   patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
 
 20000520
  - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
diff --git a/login.c b/login.c
index 49853bdc2..6749a1556 100644
--- a/login.c
+++ b/login.c
@@ -18,7 +18,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: login.c,v 1.27 2000/05/17 12:00:03 damien Exp $");
+RCSID("$Id: login.c,v 1.28 2000/05/30 03:12:46 damien Exp $");
 
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 # include <utmpx.h>
@@ -217,10 +217,13 @@ record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
 # ifdef HAVE_HOST_IN_UTMPX
 #  ifdef HAVE_SYSLEN_IN_UTMPX
 	utx.ut_syslen = strlen(host);
+	if (utx.ut_syslen + 1 > sizeof(utx.ut_host))
+		utx.ut_syslen = sizeof(utx.ut_host);
 	strncpy(utx.ut_host, host, utx.ut_syslen);
 #  else
 	strncpy(utx.ut_host, host, sizeof(utx.ut_host));
 #  endif /* HAVE_SYSLEN_IN_UTMPX */
+	utx.ut_host[sizeof(utx.ut_host)-1] = '\0';
 # endif
 #if defined(HAVE_ADDR_IN_UTMPX)
 	if (addr) {
-- 
2.47.3