Fix is_my_tty() buffer overrun
* libmisc/utmp.c (is_my_tty): Declare the parameter as a char array, not char *, as it is not necessarily null-terminated. Avoid a read overrun when reading 'tty', which comes from 'ut_utname'. Reported-by: Paul Eggert <eggert@cs.ucla.edu> Co-developed-by: Paul Eggert <eggert@cs.ucla.edu> Signed-off-by: Alejandro Colomar <alx@kernel.org> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
parent
664d361fa5
commit
e27ca53091
@ -28,17 +28,16 @@
|
||||
/*
|
||||
* is_my_tty -- determine if "tty" is the same TTY stdin is using
|
||||
*/
|
||||
static bool is_my_tty (const char *tty)
|
||||
static bool is_my_tty (const char tty[UT_LINESIZE])
|
||||
{
|
||||
/* full_tty shall be at least sizeof utmp.ut_line + 5 */
|
||||
char full_tty[200];
|
||||
char full_tty[STRLEN("/dev/") + UT_LINESIZE + 1];
|
||||
/* tmptty shall be bigger than full_tty */
|
||||
static char tmptty[sizeof (full_tty)+1];
|
||||
|
||||
if ('/' != *tty) {
|
||||
(void) snprintf (full_tty, sizeof full_tty, "/dev/%s", tty);
|
||||
tty = &full_tty[0];
|
||||
}
|
||||
full_tty[0] = '\0';
|
||||
if (tty[0] != '/')
|
||||
strcpy (full_tty, "/dev/");
|
||||
strncat (full_tty, tty, UT_LINESIZE);
|
||||
|
||||
if ('\0' == tmptty[0]) {
|
||||
const char *tname = ttyname (STDIN_FILENO);
|
||||
@ -49,7 +48,7 @@ static bool is_my_tty (const char *tty)
|
||||
if ('\0' == tmptty[0]) {
|
||||
(void) puts (_("Unable to determine your tty name."));
|
||||
exit (EXIT_FAILURE);
|
||||
} else if (strncmp (tty, tmptty, sizeof (tmptty)) != 0) {
|
||||
} else if (strncmp (full_tty, tmptty, sizeof (tmptty)) != 0) {
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
|
Loading…
Reference in New Issue
Block a user