commit-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_4-101-g393f4


From: Tim Ruehsen
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_4-101-g393f4c6
Date: Sat, 29 Feb 2020 14:10:25 -0500 (EST)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  393f4c6c3e3761ceed843cb3990169a5ef2f89d1 (commit)
      from  2343dc2e3547bb4c724c486bdad9c4ba7468053f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=393f4c6c3e3761ceed843cb3990169a5ef2f89d1


commit 393f4c6c3e3761ceed843cb3990169a5ef2f89d1
Author: Tim Rühsen <address@hidden>
Date:   Sat Feb 29 20:10:21 2020 +0100

    uucpd: Fix buffer overflows

diff --git a/src/uucpd.c b/src/uucpd.c
index 5674004..edebb20 100644
--- a/src/uucpd.c
+++ b/src/uucpd.c
@@ -310,13 +310,15 @@ dologout (void)
     }
 }
 
+# define SCPYN(a, b)   strncpy(a, b, sizeof (a) - 1); (a)[sizeof (a) - 1] = 0
+
 /*
  * Record login in wtmp file.
  */
 void
 dologin (struct passwd *pw, struct sockaddr *sap, socklen_t salen)
 {
-  char line[32];
+  char line[NI_MAXHOST]; /* remote is copied here later on */
 #if defined PATH_LASTLOG && defined HAVE_STRUCT_LASTLOG
   int f;
 #endif
@@ -353,7 +355,7 @@ dologin (struct passwd *pw, struct sockaddr *sap, socklen_t 
salen)
 
   if (hp)
     {
-      strncpy (remotehost, hp->h_name, sizeof (remotehost));
+      SCPYN (remotehost, hp->h_name);
       endhostent ();
     }
   else
@@ -378,9 +380,9 @@ dologin (struct passwd *pw, struct sockaddr *sap, socklen_t 
salen)
 
     ut.ut_type = USER_PROCESS;
     ut.ut_pid = getpid();
-    strncpy (ut.ut_line, line, sizeof (ut.ut_line));
-    strncpy (ut.ut_user, pw->pw_name, sizeof (ut.ut_user));
-    strncpy (ut.ut_host, remotehost, sizeof (ut.ut_host));
+    SCPYN (ut.ut_line, line);
+    SCPYN (ut.ut_user, pw->pw_name);
+    SCPYN (ut.ut_host, remotehost);
 # ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
     if (strlen (remotehost) < sizeof (ut.ut_host))
       ut.ut_syslen = strlen (remotehost) + 1;
@@ -398,7 +400,6 @@ dologin (struct passwd *pw, struct sockaddr *sap, socklen_t 
salen)
 #endif /* HAVE_PUTUTXLINE && !HAVE_LOGWTMPX && !HAVE_LOGWTMP */
 
 #if defined PATH_LASTLOG && defined HAVE_STRUCT_LASTLOG
-# define SCPYN(a, b)   strncpy(a, b, sizeof (a))
   f = open (PATH_LASTLOG, O_RDWR);
   if (f >= 0)
     {
@@ -408,7 +409,7 @@ dologin (struct passwd *pw, struct sockaddr *sap, socklen_t 
salen)
       time (&t);
       ll.ll_time = t;
       lseek (f, (long) pw->pw_uid * sizeof (struct lastlog), 0);
-      strcpy (line, remotehost);
+      SCPYN (line, remotehost);
       SCPYN (ll.ll_line, line);
       SCPYN (ll.ll_host, remotehost);
       write (f, (char *) &ll, sizeof (ll));

-----------------------------------------------------------------------

Summary of changes:
 src/uucpd.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 



reply via email to

[Prev in Thread] Current Thread [Next in Thread]