shadow/libmisc/log.c

117 lines
3.7 KiB
C
Raw Normal View History

/*
* Copyright (c) 1989 - 1994, Julianne Frances Haugh
* Copyright (c) 1996 - 1998, Marek Michałkiewicz
* Copyright (c) 2003 - 2005, Tomasz Kłoczko
* Copyright (c) 2008 , Nicolas François
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the copyright holders or contributors may not be used to
* endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <config.h>
#ident "$Id$"
#include <sys/types.h>
#include <pwd.h>
#include <fcntl.h>
#include <time.h>
#include "defines.h"
#include <lastlog.h>
#include "prototypes.h"
2021-08-18 23:36:02 +05:30
/*
* dolastlog - create lastlog entry
*
* A "last login" entry is created for the user being logged in. The
* UID is extracted from the global (struct passwd) entry and the
* TTY information is gotten from the (struct utmp).
*/
void dolastlog (
struct lastlog *ll,
const struct passwd *pw,
/*@unique@*/const char *line,
/*@unique@*/const char *host)
{
int fd;
off_t offset;
struct lastlog newlog;
time_t ll_time;
/*
* If the file does not exist, don't create it.
*/
fd = open (LASTLOG_FILE, O_RDWR);
if (-1 == fd) {
return;
}
/*
* The file is indexed by UID number. Seek to the record
* for this UID. Negative UID's will create problems, but ...
*/
offset = (off_t) pw->pw_uid * sizeof newlog;
if (lseek (fd, offset, SEEK_SET) != offset) {
SYSLOG ((LOG_WARN,
"Can't read last lastlog entry for UID %lu in %s. Entry not updated.",
(unsigned long) pw->pw_uid, LASTLOG_FILE));
(void) close (fd);
return;
}
/*
* Read the old entry so we can tell the user when they last
* logged in. Then construct the new entry and write it out
* the way we read the old one in.
*/
if (read (fd, (void *) &newlog, sizeof newlog) != (ssize_t) sizeof newlog) {
memzero (&newlog, sizeof newlog);
}
if (NULL != ll) {
*ll = newlog;
}
ll_time = newlog.ll_time;
(void) time (&ll_time);
newlog.ll_time = ll_time;
Fix covscan BUFFER_SIZE Error: BUFFER_SIZE (CWE-170): [#def6] shadow-4.8.1/libmisc/failure.c:101: buffer_size_warning: Calling "strncpy" with a maximum size argument of 12 bytes on destination array "fl->fail_line" of size 12 bytes might leave the destination string unterminated. 99| } 100| 101|-> strncpy (fl->fail_line, tty, sizeof fl->fail_line); 102| (void) time (&fl->fail_time); 103| Error: BUFFER_SIZE (CWE-170): [#def9] shadow-4.8.1/libmisc/log.c:103: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "newlog.ll_line" of size 32 bytes might leave the destination string unterminated. 101| (void) time (&ll_time); 102| newlog.ll_time = ll_time; 103|-> strncpy (newlog.ll_line, line, sizeof newlog.ll_line); 104| #if HAVE_LL_HOST 105| strncpy (newlog.ll_host, host, sizeof newlog.ll_host); Error: BUFFER_SIZE (CWE-170): [#def10] shadow-4.8.1/libmisc/log.c:105: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "newlog.ll_host" of size 256 bytes might leave the destination string unterminated. 103| strncpy (newlog.ll_line, line, sizeof newlog.ll_line); 104| #if HAVE_LL_HOST 105|-> strncpy (newlog.ll_host, host, sizeof newlog.ll_host); 106| #endif 107| if ( (lseek (fd, offset, SEEK_SET) != offset) Error: BUFFER_SIZE (CWE-170): [#def13] shadow-4.8.1/libmisc/utmp.c:260: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_line" of size 32 bytes might leave the destination string unterminated. 258| #endif /* HAVE_STRUCT_UTMP_UT_TYPE */ 259| utent->ut_pid = getpid (); 260|-> strncpy (utent->ut_line, line, sizeof (utent->ut_line)); 261| #ifdef HAVE_STRUCT_UTMP_UT_ID 262| if (NULL != ut) { Error: BUFFER_SIZE (CWE-170): [#def14] shadow-4.8.1/libmisc/utmp.c:266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 4 bytes on destination array "utent->ut_id" of size 4 bytes might leave the destination string unterminated. 264| } else { 265| /* XXX - assumes /dev/tty?? */ 266|-> strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id)); 267| } 268| #endif /* HAVE_STRUCT_UTMP_UT_ID */ Error: BUFFER_SIZE (CWE-170): [#def15] shadow-4.8.1/libmisc/utmp.c:273: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_user" of size 32 bytes might leave the destination string unterminated. 271| #endif /* HAVE_STRUCT_UTMP_UT_NAME */ 272| #ifdef HAVE_STRUCT_UTMP_UT_USER 273|-> strncpy (utent->ut_user, name, sizeof (utent->ut_user)); 274| #endif /* HAVE_STRUCT_UTMP_UT_USER */ 275| if (NULL != hostname) { Error: BUFFER_SIZE (CWE-170): [#def16] shadow-4.8.1/libmisc/utmp.c:278: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "utent->ut_host" of size 256 bytes might leave the destination string unterminated. 276| struct addrinfo *info = NULL; 277| #ifdef HAVE_STRUCT_UTMP_UT_HOST 278|-> strncpy (utent->ut_host, hostname, sizeof (utent->ut_host)); 279| #endif /* HAVE_STRUCT_UTMP_UT_HOST */ 280| #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-06-16 13:20:53 +05:30
strncpy (newlog.ll_line, line, sizeof (newlog.ll_line) - 1);
#if HAVE_LL_HOST
Fix covscan BUFFER_SIZE Error: BUFFER_SIZE (CWE-170): [#def6] shadow-4.8.1/libmisc/failure.c:101: buffer_size_warning: Calling "strncpy" with a maximum size argument of 12 bytes on destination array "fl->fail_line" of size 12 bytes might leave the destination string unterminated. 99| } 100| 101|-> strncpy (fl->fail_line, tty, sizeof fl->fail_line); 102| (void) time (&fl->fail_time); 103| Error: BUFFER_SIZE (CWE-170): [#def9] shadow-4.8.1/libmisc/log.c:103: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "newlog.ll_line" of size 32 bytes might leave the destination string unterminated. 101| (void) time (&ll_time); 102| newlog.ll_time = ll_time; 103|-> strncpy (newlog.ll_line, line, sizeof newlog.ll_line); 104| #if HAVE_LL_HOST 105| strncpy (newlog.ll_host, host, sizeof newlog.ll_host); Error: BUFFER_SIZE (CWE-170): [#def10] shadow-4.8.1/libmisc/log.c:105: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "newlog.ll_host" of size 256 bytes might leave the destination string unterminated. 103| strncpy (newlog.ll_line, line, sizeof newlog.ll_line); 104| #if HAVE_LL_HOST 105|-> strncpy (newlog.ll_host, host, sizeof newlog.ll_host); 106| #endif 107| if ( (lseek (fd, offset, SEEK_SET) != offset) Error: BUFFER_SIZE (CWE-170): [#def13] shadow-4.8.1/libmisc/utmp.c:260: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_line" of size 32 bytes might leave the destination string unterminated. 258| #endif /* HAVE_STRUCT_UTMP_UT_TYPE */ 259| utent->ut_pid = getpid (); 260|-> strncpy (utent->ut_line, line, sizeof (utent->ut_line)); 261| #ifdef HAVE_STRUCT_UTMP_UT_ID 262| if (NULL != ut) { Error: BUFFER_SIZE (CWE-170): [#def14] shadow-4.8.1/libmisc/utmp.c:266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 4 bytes on destination array "utent->ut_id" of size 4 bytes might leave the destination string unterminated. 264| } else { 265| /* XXX - assumes /dev/tty?? */ 266|-> strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id)); 267| } 268| #endif /* HAVE_STRUCT_UTMP_UT_ID */ Error: BUFFER_SIZE (CWE-170): [#def15] shadow-4.8.1/libmisc/utmp.c:273: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_user" of size 32 bytes might leave the destination string unterminated. 271| #endif /* HAVE_STRUCT_UTMP_UT_NAME */ 272| #ifdef HAVE_STRUCT_UTMP_UT_USER 273|-> strncpy (utent->ut_user, name, sizeof (utent->ut_user)); 274| #endif /* HAVE_STRUCT_UTMP_UT_USER */ 275| if (NULL != hostname) { Error: BUFFER_SIZE (CWE-170): [#def16] shadow-4.8.1/libmisc/utmp.c:278: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "utent->ut_host" of size 256 bytes might leave the destination string unterminated. 276| struct addrinfo *info = NULL; 277| #ifdef HAVE_STRUCT_UTMP_UT_HOST 278|-> strncpy (utent->ut_host, hostname, sizeof (utent->ut_host)); 279| #endif /* HAVE_STRUCT_UTMP_UT_HOST */ 280| #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-06-16 13:20:53 +05:30
strncpy (newlog.ll_host, host, sizeof (newlog.ll_host) - 1);
#endif
if ( (lseek (fd, offset, SEEK_SET) != offset)
|| (write (fd, (const void *) &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
|| (close (fd) != 0)) {
SYSLOG ((LOG_WARN,
"Can't write lastlog entry for UID %lu in %s.",
(unsigned long) pw->pw_uid, LASTLOG_FILE));
(void) close (fd);
}
}