Fix su(1) silent truncation

*  src/su.c (check_perms): Do not silently truncate user name.

Reported-by: Paul Eggert <eggert@cs.ucla.edu>
Co-developed-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>

diff --git a/src/su.c b/src/su.c
index 9c134a9be296601e5da1713b2af0180ad9dc7e5c..3402f9bea1485607f47ac69e78b36b5beb15e95f 100644 (file)
--- a/src/su.c
+++ b/src/su.c
@@ -658,7 +658,13 @@ static /*@only@*/struct passwd * check_perms (void)
                SYSLOG ((LOG_INFO,
                         "Change user from '%s' to '%s' as requested by PAM",
                         name, tmp_name));
-               strlcpy (name, tmp_name, sizeof(name));
+               if (strlcpy (name, tmp_name, sizeof(name)) >= sizeof(name)) {
+                       fprintf (stderr, _("Overlong user name '%s'\n"),
+                                tmp_name);
+                       SYSLOG ((LOG_NOTICE, "Overlong user name '%s'",
+                                tmp_name));
+                       su_failure (caller_tty, true);
+               }
                pw = xgetpwnam (name);
                if (NULL == pw) {
                        (void) fprintf (stderr,