From: Karel Zak
Date: Mon, 7 Feb 2022 12:34:43 +0000 (+0100)
Subject: last: don't assume zero terminate strings
X-Git-Tag: v2.38-rc2~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6cd0043221b31a344db8f5dcb82822a2519a2e74;p=thirdparty%2Futil-linux.git
last: don't assume zero terminate strings
Detected by fuzzer and AddressSanitizer. The utmp strings do not have to be zero terminated.
Signed-off-by: Karel Zak
---
diff --git a/login-utils/last.c b/login-utils/last.c
index c7aec4c116..84629278e5 100644
--- a/login-utils/last.c
+++ b/login-utils/last.c
@@ -757,7 +757,7 @@ static void process_wtmp_file(const struct last_control *ctl,
 else {
 if (ut.ut_type != DEAD_PROCESS && ut.ut_user[0] && ut.ut_line[0] &&
- strcmp(ut.ut_user, "LOGIN") != 0)
+ strncmp(ut.ut_user, "LOGIN", 5) != 0)
 ut.ut_type = USER_PROCESS;
 /*
 * Even worse, applications that write ghost
@@ -770,7 +770,7 @@ static void process_wtmp_file(const struct last_control *ctl,
 /*
 * Clock changes.
 */
- if (strcmp(ut.ut_user, "date") == 0) {
+ if (strncmp(ut.ut_user, "date", 4) == 0) {
 if (ut.ut_line[0] == '|')
 ut.ut_type = OLD_TIME;
 if (ut.ut_line[0] == '{')
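Review bot: The bounded compare in the first hunk, `strncmp(ut.ut_user, "LOGIN", 5)`, is now a prefix match, so a record whose ut_user merely starts with "LOGIN" is handled like the literal LOGIN entry; the second hunk has the same problem with `strncmp(ut.ut_user, "date", 4)`, where any name beginning with "date" can be reclassified as a clock change when ut_line starts with '|' or '{'. Bounding by the field size keeps the read inside the buffer and restores the exact match, because strncmp still stops at the literal's terminator: `strncmp(ut.ut_user, "LOGIN", sizeof(ut.ut_user)) != 0` and `strncmp(ut.ut_user, "date", sizeof(ut.ut_user)) == 0`. That assumes ut_user is an array member of the utmp record, which the hunks do not show, so confirm it against the struct definition. Since the output of last is read as a login audit trail, misclassifying records from a corrupt or crafted wtmp file is worth avoiding. Both hunks sit inside process_wtmp_file, whose body starts and ends outside what is shown.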