diff options
author | Tobias Stoeckmann | 2017-03-12 17:49:45 +0100 |
---|---|---|
committer | Karel Zak | 2017-03-13 12:46:49 +0100 |
commit | b0f97de5a4ab62de55984651a6723acfff6917ae (patch) | |
tree | 6c8fb05b42a938c8beb95996750a2c10519df467 /login-utils/logindefs.c | |
parent | libblkid: Fix blkid.conf parsing (diff) | |
download | kernel-qcow2-util-linux-b0f97de5a4ab62de55984651a6723acfff6917ae.tar.gz kernel-qcow2-util-linux-b0f97de5a4ab62de55984651a6723acfff6917ae.tar.xz kernel-qcow2-util-linux-b0f97de5a4ab62de55984651a6723acfff6917ae.zip |
login: prevent OOB read on illegal /etc/hushlogins
If the file /etc/hushlogins exists and a line starts with '\0', the
login tools are prone to an off-by-one read.
I see no reliability issue with this, as it would clearly need a
hostile action from a system administrator. But for the sake of
correctness, I've sent this patch nonetheless.
Diffstat (limited to 'login-utils/logindefs.c')
-rw-r--r-- | login-utils/logindefs.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/login-utils/logindefs.c b/login-utils/logindefs.c index f02c4752d..213ff8d25 100644 --- a/login-utils/logindefs.c +++ b/login-utils/logindefs.c @@ -344,7 +344,8 @@ int get_hushlogin_status(struct passwd *pwd, int force_check) continue; /* ignore errors... */ while (ok == 0 && fgets(buf, sizeof(buf), f)) { - buf[strlen(buf) - 1] = '\0'; + if (buf[0] != '\0') + buf[strlen(buf) - 1] = '\0'; ok = !strcmp(buf, *buf == '/' ? pwd->pw_shell : pwd->pw_name); } |