* libmisc/failure.h, libmisc/failure.c, src/login.c: Added

username as first parameter of failtmp to avoid issues with non-null terminated ut_user, unavailability of ut_user, incomplete username (that should not happen currently).
2009-04-20 11:37:41 +00:00 · 2009-04-20 11:37:41 +00:00 · a87e747049
commit a87e747049
parent f3bea401e9
3 changed files with 7 additions and 15 deletions
--- a/libmisc/failure.c
+++ b/libmisc/failure.c
@ -288,7 +288,7 @@ void failprint (const struct faillog *fail)
 *	maintains a record of all login failures.
 */

-void failtmp (
+void failtmp (const char *username,
 #ifdef HAVE_UTMPX_H
 		     const struct utmpx *failent
 #else
@ -320,13 +320,9 @@ void failtmp (

 	fd = open (ftmp, O_WRONLY | O_APPEND);
 	if (-1 == fd) {
-		char ut_user[sizeof failent->ut_user];
-		(void) strncpy (&ut_user[0], failent->ut_user, sizeof ut_user);
-		ut_user[sizeof ut_user - 1] = '\0';
-
 		SYSLOG ((LOG_WARN,
 		         "Can't append failure of user %s to %s.",
-		         ut_user, ftmp));
+		         username, ftmp));
 		return;
 	}

@ -336,13 +332,9 @@ void failtmp (

 	if (   (write (fd, (const void *) failent, sizeof *failent) != (ssize_t) sizeof *failent)
 	    || (close (fd) != 0)) {
-		char ut_user[sizeof failent->ut_user];
-		(void) strncpy (&ut_user[0], failent->ut_user, sizeof ut_user);
-		ut_user[sizeof ut_user - 1] = '\0';
-
 		SYSLOG ((LOG_WARN,
 		         "Can't append failure of user %s to %s.",
-		         ut_user, ftmp));
+		         username, ftmp));
 		(void) close (fd);
 	}
 }
--- a/libmisc/failure.h
+++ b/libmisc/failure.h
@ -2,7 +2,7 @@
 * Copyright (c) 1990 - 1994, Julianne Frances Haugh
 * Copyright (c) 1997 - 2000, Marek Michałkiewicz
 * Copyright (c) 2005       , Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * Copyright (c) 2008 - 2009, Nicolas François
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@ -75,9 +75,9 @@ extern void failprint (const struct faillog *);
 *	maintains a record of all login failures.
 */
 #ifdef HAVE_UTMPX_H
-extern void failtmp (const struct utmpx *);
+extern void failtmp (const char *username, const struct utmpx *);
 #else
-extern void failtmp (const struct utmp *);
+extern void failtmp (const char *username, const struct utmp *);
 #endif

 #endif
--- a/src/login.c
+++ b/src/login.c
@ -997,7 +997,7 @@ int main (int argc, char **argv)
 			strncpy (failent.ut_user, failent_user,
 			         sizeof (failent.ut_user));
 			failent.ut_type = USER_PROCESS;
-			failtmp (&failent);
+			failtmp (failent_user, &failent);
 		}

 		retries--;