From: Alejandro Colomar <alx@kernel.org>
Date: Wed, 15 Nov 2023 23:26:23 +0000 (+0100)
Subject: src/logoutd.c: Fix theoretical buffer overrun
X-Git-Tag: 4.15.0-rc1~130
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbf1d9a8004dc008f77ea24c963f195775536931;p=thirdparty%2Fshadow.git

src/logoutd.c: Fix theoretical buffer overrun

ut_line doesn't hold a string.  It is a null-padded fixed-width array.
Luckily, I don't think there has ever existed a ut_line ("/dev/tty*")
that was 32 bytes long.  That would have resulted in a buffer overrun.
Anyway, do the right thing, which is copying into a temporary string.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

diff --git a/src/logoutd.c b/src/logoutd.c
index 8906ad119..41458c3c2 100644
--- a/src/logoutd.c
+++ b/src/logoutd.c
@@ -43,17 +43,19 @@ static void send_mesg_to_tty (int tty_fd);
  */
 static int check_login (const struct utmp *ut)
 {
-	char user[sizeof (ut->ut_user) + 1];
-	time_t now;
+	char    user[sizeof(ut->ut_user) + 1];
+	char    line[sizeof(ut->ut_line) + 1];
+	time_t  now;
 
 	ZUSTR2STP(user, ut->ut_user);
+	ZUSTR2STP(line, ut->ut_line);
 
 	(void) time (&now);
 
 	/*
 	 * Check if they are allowed to be logged in right now.
 	 */
-	if (!isttytime (user, ut->ut_line, now)) {
+	if (!isttytime(user, line, now)) {
 		return 0;
 	}
 	return 1;