last: use domain string more carefully

Use xstrcpy() to explicitly terminate the domain string. Reported-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Karel Zak <kzak@redhat.com>
author: Karel Zak 2017-03-13 12:55:44 +0100
committer: Karel Zak 2017-03-13 12:55:44 +0100
commit: bd2aece45eea531c3317e57b1ba06b30c4304554 (patch)
tree: c9d8cf9ca6d1884631728c839800ae97f6e39627 /login-utils/last.c
parent: login: prevent OOB read on illegal /etc/hushlogins (diff)
download: kernel-qcow2-util-linux-bd2aece45eea531c3317e57b1ba06b30c4304554.tar.gz
kernel-qcow2-util-linux-bd2aece45eea531c3317e57b1ba06b30c4304554.tar.xz
kernel-qcow2-util-linux-bd2aece45eea531c3317e57b1ba06b30c4304554.zip
1 files changed, 6 insertions, 4 deletions
diff --git a/login-utils/last.c b/login-utils/last.c
index 340705757..679ea6c12 100644
--- a/login-utils/last.c
+++ b/login-utils/last.c
@@ -505,10 +505,12 @@ static int list(const struct last_control *ctl, struct utmpx *p, time_t logout_t
 	if (ctl->usedns || ctl->useip)
 		r = dns_lookup(domain, sizeof(domain), ctl->useip, p->ut_addr_v6);
 	if (r < 0) {
-		len = sizeof(p->ut_host);
-		if (len >= (int)sizeof(domain)) len = sizeof(domain) - 1;
-		domain[0] = 0;
-		strncat(domain, p->ut_host, len);
+		size_t sz = sizeof(p->ut_host);
+
+		if (sz > sizeof(domain))
+			sz = sizeof(domain);
+
+		xstrncpy(domain, p->ut_host, sz);
 	}
author	Karel Zak	2017-03-13 12:55:44 +0100
committer	Karel Zak	2017-03-13 12:55:44 +0100
commit	bd2aece45eea531c3317e57b1ba06b30c4304554 (patch)
tree	c9d8cf9ca6d1884631728c839800ae97f6e39627 /login-utils/last.c
parent	login: prevent OOB read on illegal /etc/hushlogins (diff)
download	kernel-qcow2-util-linux-bd2aece45eea531c3317e57b1ba06b30c4304554.tar.gz kernel-qcow2-util-linux-bd2aece45eea531c3317e57b1ba06b30c4304554.tar.xz kernel-qcow2-util-linux-bd2aece45eea531c3317e57b1ba06b30c4304554.zip