diff options
author | Karel Zak | 2017-03-13 12:55:44 +0100 |
---|---|---|
committer | Karel Zak | 2017-03-13 12:55:44 +0100 |
commit | bd2aece45eea531c3317e57b1ba06b30c4304554 (patch) | |
tree | c9d8cf9ca6d1884631728c839800ae97f6e39627 /login-utils/last.c | |
parent | login: prevent OOB read on illegal /etc/hushlogins (diff) | |
download | kernel-qcow2-util-linux-bd2aece45eea531c3317e57b1ba06b30c4304554.tar.gz kernel-qcow2-util-linux-bd2aece45eea531c3317e57b1ba06b30c4304554.tar.xz kernel-qcow2-util-linux-bd2aece45eea531c3317e57b1ba06b30c4304554.zip |
last: use domain string more carefully
Use xstrcpy() to explicitly terminate the domain string.
Reported-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils/last.c')
-rw-r--r-- | login-utils/last.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/login-utils/last.c b/login-utils/last.c index 340705757..679ea6c12 100644 --- a/login-utils/last.c +++ b/login-utils/last.c @@ -505,10 +505,12 @@ static int list(const struct last_control *ctl, struct utmpx *p, time_t logout_t if (ctl->usedns || ctl->useip) r = dns_lookup(domain, sizeof(domain), ctl->useip, p->ut_addr_v6); if (r < 0) { - len = sizeof(p->ut_host); - if (len >= (int)sizeof(domain)) len = sizeof(domain) - 1; - domain[0] = 0; - strncat(domain, p->ut_host, len); + size_t sz = sizeof(p->ut_host); + + if (sz > sizeof(domain)) + sz = sizeof(domain); + + xstrncpy(domain, p->ut_host, sz); } |