]> git.ipfire.org Git - thirdparty/util-linux.git/commit
projects / thirdparty / util-linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 55a5fbb) | patch
login: prevent OOB read on illegal /etc/hushlogins
authorTobias Stoeckmann <tobias@stoeckmann.org>
Sun, 12 Mar 2017 16:49:45 +0000 (17:49 +0100)
committerKarel Zak <kzak@redhat.com>
Mon, 13 Mar 2017 11:46:49 +0000 (12:46 +0100)
commitb0f97de5a4ab62de55984651a6723acfff6917ae
tree6c8fb05b42a938c8beb95996750a2c10519df467tree
parent55a5fbbc335480eb3b535fbe5f18289d9458d382commit | diff
login: prevent OOB read on illegal /etc/hushlogins

If the file /etc/hushlogins exists and a line starts with '\0', the
login tools are prone to an off-by-one read.

I see no reliability issue with this, as it would clearly need a
hostile action from a system administrator. But for the sake of
correctness, I've sent this patch nonetheless.
login-utils/logindefs.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.