From: Alejandro Colomar <alx@kernel.org>
Date: Mon, 13 Mar 2023 00:21:42 +0000 (+0100)
Subject: Fix su(1) silent truncation
X-Git-Tag: 4.14.0-rc1~122
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c210a29bc57d584db4e69a28d27fee8d75956cc;p=thirdparty%2Fshadow.git

Fix su(1) silent truncation

*  src/su.c (check_perms): Do not silently truncate user name.

Reported-by: Paul Eggert <eggert@cs.ucla.edu>
Co-developed-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
---

diff --git a/src/su.c b/src/su.c
index 9c134a9be..3402f9bea 100644
--- a/src/su.c
+++ b/src/su.c
@@ -658,7 +658,13 @@ static /*@only@*/struct passwd * check_perms (void)
 		SYSLOG ((LOG_INFO,
 		         "Change user from '%s' to '%s' as requested by PAM",
 		         name, tmp_name));
-		strlcpy (name, tmp_name, sizeof(name));
+		if (strlcpy (name, tmp_name, sizeof(name)) >= sizeof(name)) {
+			fprintf (stderr, _("Overlong user name '%s'\n"),
+			         tmp_name);
+			SYSLOG ((LOG_NOTICE, "Overlong user name '%s'",
+			         tmp_name));
+			su_failure (caller_tty, true);
+		}
 		pw = xgetpwnam (name);
 		if (NULL == pw) {
 			(void) fprintf (stderr,