login: fix ut_line comparison logic

ut_line[] is not a string, it's a fixed-width character field,
and may not be NUL terminated.  Thus, the use of strcmp is incorrect.
strncmp is more appropriate as it stops at the field size.

Note that differences beyond the field size do not count here,
as (1) this test doesn't do that, and (2) such differences are
traditionally ignored (i.e. logins that are silently truncated to
8 characters, etc)

While this is "only a test", we should still demonstrate the
correct way of doing things.  Also, using strncmp avoids a
"not a string" warning from gcc if you use -O1 or lower,
where it can't deduce that overflow won't happen.

Reviewed-by: Sam James <sam@gentoo.org>
Reviewed-by: Collin Funk <collin.funk1@gmail.com>

diff --git a/login/tst-utmp.c b/login/tst-utmp.c
index f2dbf9415e59714d92b2b028e00ce46815a10f55..d931e30de01c45ab3420650844b5ef3ee6f3ccb4 100644 (file)
--- a/login/tst-utmp.c
+++ b/login/tst-utmp.c
@@ -33,6 +33,7 @@
 # define getutline getutxline
 # define getutid getutxid
 # define pututline pututxline
+# define UT_LINESIZE __UT_LINESIZE
 #else
 # include <utmp.h>
 #endif
@@ -153,7 +154,7 @@ simulate_login (const char *line, const char *user)
 
   for (n = 0; n < num_entries; n++)
     {
-      if (strcmp (line, entry[n].ut_line) == 0
+      if (strncmp (line, entry[n].ut_line, UT_LINESIZE) == 0
          || entry[n].ut_type == DEAD_PROCESS)
        {
          if (entry[n].ut_pid == DEAD_PROCESS)
@@ -186,7 +187,7 @@ simulate_logout (const char *line)
 
   for (n = 0; n < num_entries; n++)
     {
-      if (strcmp (line, entry[n].ut_line) == 0)
+      if (strncmp (line, entry[n].ut_line, UT_LINESIZE) == 0)
        {
          entry[n].ut_type = DEAD_PROCESS;
          strncpy (entry[n].ut_user, "", sizeof (entry[n].ut_user));
@@ -230,7 +231,7 @@ check_login (const char *line)
 
   for (n = 0; n < num_entries; n++)
     {
-      if (strcmp (line, entry[n].ut_line) == 0)
+      if (strncmp (line, entry[n].ut_line, UT_LINESIZE) == 0)
        {
          if (memcmp (up, &entry[n], sizeof (struct utmp)))
            {
@@ -287,7 +288,7 @@ check_id (const char *id)
 
   for (n = 0; n < num_entries; n++)
     {
-      if (strcmp (id, entry[n].ut_id) == 0)
+      if (strncmp (id, entry[n].ut_id, sizeof (entry[n].ut_id)) == 0)
        {
          if (memcmp (up, &entry[n], sizeof (struct utmp)))
            {