diff options
| author | DJ Delorie <dj@redhat.com> | 2025-08-07 17:07:53 -0400 |
|---|---|---|
| committer | DJ Delorie <dj@redhat.com> | 2025-08-29 14:49:19 -0400 |
| commit | 6dbaed693a2497e06292ad12b0c7dfea10e087b3 (patch) | |
| tree | 76575a615c1c63907c0353126a251f4a6403def8 | |
| parent | 320cf1e1b59d656ce59478cd052f0e206f8f8bb3 (diff) | |
| download | glibc-6dbaed693a2497e06292ad12b0c7dfea10e087b3.zip glibc-6dbaed693a2497e06292ad12b0c7dfea10e087b3.tar.gz glibc-6dbaed693a2497e06292ad12b0c7dfea10e087b3.tar.bz2 | |
login: fix ut_line comparison logic
ut_line[] is not a string, it's a fixed-width character field,
and may not be NUL terminated. Thus, the use of strcmp is incorrect.
strncmp is more appropriate as it stops at the field size.
Note that differences beyond the field size do not count here,
as (1) this test doesn't do that, and (2) such differences are
traditionally ignored (i.e. logins that are silently truncated to
8 characters, etc)
While this is "only a test", we should still demonstrate the
correct way of doing things. Also, using strncmp avoids a
"not a string" warning from gcc if you use -O1 or lower,
where it can't deduce that overflow won't happen.
Reviewed-by: Sam James <sam@gentoo.org>
Reviewed-by: Collin Funk <collin.funk1@gmail.com>
| -rw-r--r-- | login/tst-utmp.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/login/tst-utmp.c b/login/tst-utmp.c index f2dbf94..d931e30 100644 --- a/login/tst-utmp.c +++ b/login/tst-utmp.c @@ -33,6 +33,7 @@ # define getutline getutxline # define getutid getutxid # define pututline pututxline +# define UT_LINESIZE __UT_LINESIZE #else # include <utmp.h> #endif @@ -153,7 +154,7 @@ simulate_login (const char *line, const char *user) for (n = 0; n < num_entries; n++) { - if (strcmp (line, entry[n].ut_line) == 0 + if (strncmp (line, entry[n].ut_line, UT_LINESIZE) == 0 || entry[n].ut_type == DEAD_PROCESS) { if (entry[n].ut_pid == DEAD_PROCESS) @@ -186,7 +187,7 @@ simulate_logout (const char *line) for (n = 0; n < num_entries; n++) { - if (strcmp (line, entry[n].ut_line) == 0) + if (strncmp (line, entry[n].ut_line, UT_LINESIZE) == 0) { entry[n].ut_type = DEAD_PROCESS; strncpy (entry[n].ut_user, "", sizeof (entry[n].ut_user)); @@ -230,7 +231,7 @@ check_login (const char *line) for (n = 0; n < num_entries; n++) { - if (strcmp (line, entry[n].ut_line) == 0) + if (strncmp (line, entry[n].ut_line, UT_LINESIZE) == 0) { if (memcmp (up, &entry[n], sizeof (struct utmp))) { @@ -287,7 +288,7 @@ check_id (const char *id) for (n = 0; n < num_entries; n++) { - if (strcmp (id, entry[n].ut_id) == 0) + if (strncmp (id, entry[n].ut_id, sizeof (entry[n].ut_id)) == 0) { if (memcmp (up, &entry[n], sizeof (struct utmp))) { |