calls to cuserid() can result in buffer overruns and/or overflows

author Jonathan Geisler <jgeisler@cse.taylor.edu>

Wed, 24 Mar 2010 23:02:15 +0000 (16:02 -0700)

committer Petr Baudis <pasky@ucw.cz>

Wed, 12 May 2010 00:21:02 +0000 (02:21 +0200)
author Jonathan Geisler <jgeisler@cse.taylor.edu>
Wed, 24 Mar 2010 23:02:15 +0000 (16:02 -0700)
committer Petr Baudis <pasky@ucw.cz>
Wed, 12 May 2010 00:21:02 +0000 (02:21 +0200)
diff --git a/ChangeLog b/ChangeLog

index eece5e957b39c1200a6395ace4a79094afc5dd10..3198695b54f44643e4f3774ba27fc71ccb5b764c 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-03-24  Ulrich Drepper  <drepper@redhat.com>
+
+       [BZ #11397]
+       * sysdeps/posix/cuserid.c (cuserid): Make sure the returned string
+       is NUL terminated.
+       Patch by Jonathan Geisler <jgeisler@cse.taylor.edu>.
+
  2010-03-02  Richard Guenther  <rguenther@suse.de>
  
         * sysdeps/x86_64/dl-machine.h (elf_machine_rela): R_X86_64_PC32
diff --git a/sysdeps/posix/cuserid.c b/sysdeps/posix/cuserid.c

index 11c827a6868743088855f200684965c6d286c85c..f30c20e3f88bd99ececbfd998c0390050ec4358e 100644 (file)
--- a/sysdeps/posix/cuserid.c
+++ b/sysdeps/posix/cuserid.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991, 1996, 1998, 1999, 2001 Free Software Foundation, Inc.
+/* Copyright (C) 1991, 1996, 1998, 1999, 2001, 2010 Free Software Foundation, Inc.
     This file is part of the GNU C Library.
  
     The GNU C Library is free software; you can redistribute it and/or
@@ -44,5 +44,6 @@ cuserid (s)
  
    if (s == NULL)
      s = name;
-  return strncpy (s, pwptr->pw_name, L_cuserid);
+  s[L_userid - 1] = '\0';
+  return strncpy (s, pwptr->pw_name, L_cuserid - 1);
  }
author	Jonathan Geisler <jgeisler@cse.taylor.edu>
	Wed, 24 Mar 2010 23:02:15 +0000 (16:02 -0700)
committer	Petr Baudis <pasky@ucw.cz>
	Wed, 12 May 2010 00:21:02 +0000 (02:21 +0200)
ChangeLog		patch \| blob \| blame \| history
sysdeps/posix/cuserid.c		patch \| blob \| blame \| history