Fix is_my_tty() buffer overrun

*  libmisc/utmp.c (is_my_tty): Declare the parameter as a char array,
   not char *, as it is not necessarily null-terminated.
   Avoid a read overrun when reading 'tty', which comes from
   'ut_utname'.

Reported-by: Paul Eggert <eggert@cs.ucla.edu>
Co-developed-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Alejandro Colomar 2023-03-13 00:41:00 +01:00 committed by Iker Pedrosa
parent 664d361fa5
commit e27ca53091


@ -28,17 +28,16 @@
/*
* is_my_tty -- determine if "tty" is the same TTY stdin is using
*/
static bool is_my_tty (const char *tty)
static bool is_my_tty (const char tty[UT_LINESIZE])
{
/* full_tty shall be at least sizeof utmp.ut_line + 5 */
char full_tty[200];
char full_tty[STRLEN("/dev/") + UT_LINESIZE + 1];
/* tmptty shall be bigger than full_tty */
static char tmptty[sizeof (full_tty)+1];
if ('/' != *tty) {
(void) snprintf (full_tty, sizeof full_tty, "/dev/%s", tty);
tty = &full_tty[0];
}
full_tty[0] = '\0';
if (tty[0] != '/')
strcpy (full_tty, "/dev/");
strncat (full_tty, tty, UT_LINESIZE);
if ('\0' == tmptty[0]) {
const char *tname = ttyname (STDIN_FILENO);
@ -49,7 +48,7 @@ static bool is_my_tty (const char *tty)
if ('\0' == tmptty[0]) {
(void) puts (_("Unable to determine your tty name."));
exit (EXIT_FAILURE);
} else if (strncmp (tty, tmptty, sizeof (tmptty)) != 0) {
} else if (strncmp (full_tty, tmptty, sizeof (tmptty)) != 0) {
return false;
} else {
return true;
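Review bot: The new signature `const char tty[UT_LINESIZE]` documents the expected size but does not enforce it, because C adjusts an array parameter to `const char *`; `strncat (full_tty, tty, UT_LINESIZE)` will read up to UT_LINESIZE bytes from whatever the caller passes unless it meets a NUL first. The header comment above is_my_tty says only that "tty" is compared with stdin's TTY, so I would state the contract there, e.g. `* "tty" is a ut_line-style field: UT_LINESIZE bytes, not necessarily NUL-terminated.` The retained comment `/* full_tty shall be at least sizeof utmp.ut_line + 5 */` is also out of date now that the size is computed and includes the terminating NUL; something like `/* "/dev/" + ut_line + terminating NUL */` would match the declaration. The part of the body between the two hunks, where ttyname() is copied into tmptty, is not shown, so it is not covered here.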