5d0d784197
Error: BUFFER_SIZE (CWE-170): [#def6] shadow-4.8.1/libmisc/failure.c:101: buffer_size_warning: Calling "strncpy" with a maximum size argument of 12 bytes on destination array "fl->fail_line" of size 12 bytes might leave the destination string unterminated. 99| } 100| 101|-> strncpy (fl->fail_line, tty, sizeof fl->fail_line); 102| (void) time (&fl->fail_time); 103| Error: BUFFER_SIZE (CWE-170): [#def9] shadow-4.8.1/libmisc/log.c:103: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "newlog.ll_line" of size 32 bytes might leave the destination string unterminated. 101| (void) time (&ll_time); 102| newlog.ll_time = ll_time; 103|-> strncpy (newlog.ll_line, line, sizeof newlog.ll_line); 104| #if HAVE_LL_HOST 105| strncpy (newlog.ll_host, host, sizeof newlog.ll_host); Error: BUFFER_SIZE (CWE-170): [#def10] shadow-4.8.1/libmisc/log.c:105: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "newlog.ll_host" of size 256 bytes might leave the destination string unterminated. 103| strncpy (newlog.ll_line, line, sizeof newlog.ll_line); 104| #if HAVE_LL_HOST 105|-> strncpy (newlog.ll_host, host, sizeof newlog.ll_host); 106| #endif 107| if ( (lseek (fd, offset, SEEK_SET) != offset) Error: BUFFER_SIZE (CWE-170): [#def13] shadow-4.8.1/libmisc/utmp.c:260: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_line" of size 32 bytes might leave the destination string unterminated. 258| #endif /* HAVE_STRUCT_UTMP_UT_TYPE */ 259| utent->ut_pid = getpid (); 260|-> strncpy (utent->ut_line, line, sizeof (utent->ut_line)); 261| #ifdef HAVE_STRUCT_UTMP_UT_ID 262| if (NULL != ut) { Error: BUFFER_SIZE (CWE-170): [#def14] shadow-4.8.1/libmisc/utmp.c:266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 4 bytes on destination array "utent->ut_id" of size 4 bytes might leave the destination string unterminated. 264| } else { 265| /* XXX - assumes /dev/tty?? */ 266|-> strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id)); 267| } 268| #endif /* HAVE_STRUCT_UTMP_UT_ID */ Error: BUFFER_SIZE (CWE-170): [#def15] shadow-4.8.1/libmisc/utmp.c:273: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_user" of size 32 bytes might leave the destination string unterminated. 271| #endif /* HAVE_STRUCT_UTMP_UT_NAME */ 272| #ifdef HAVE_STRUCT_UTMP_UT_USER 273|-> strncpy (utent->ut_user, name, sizeof (utent->ut_user)); 274| #endif /* HAVE_STRUCT_UTMP_UT_USER */ 275| if (NULL != hostname) { Error: BUFFER_SIZE (CWE-170): [#def16] shadow-4.8.1/libmisc/utmp.c:278: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "utent->ut_host" of size 256 bytes might leave the destination string unterminated. 276| struct addrinfo *info = NULL; 277| #ifdef HAVE_STRUCT_UTMP_UT_HOST 278|-> strncpy (utent->ut_host, hostname, sizeof (utent->ut_host)); 279| #endif /* HAVE_STRUCT_UTMP_UT_HOST */ 280| #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
117 lines
3.7 KiB
C
117 lines
3.7 KiB
C
/*
|
|
* Copyright (c) 1989 - 1994, Julianne Frances Haugh
|
|
* Copyright (c) 1996 - 1998, Marek Michałkiewicz
|
|
* Copyright (c) 2003 - 2005, Tomasz Kłoczko
|
|
* Copyright (c) 2008 , Nicolas François
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. The name of the copyright holders or contributors may not be used to
|
|
* endorse or promote products derived from this software without
|
|
* specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
#ident "$Id$"
|
|
|
|
#include <sys/types.h>
|
|
#include <pwd.h>
|
|
#include <fcntl.h>
|
|
#include <time.h>
|
|
#include "defines.h"
|
|
#include <lastlog.h>
|
|
#include "prototypes.h"
|
|
|
|
/*
|
|
* dolastlog - create lastlog entry
|
|
*
|
|
* A "last login" entry is created for the user being logged in. The
|
|
* UID is extracted from the global (struct passwd) entry and the
|
|
* TTY information is gotten from the (struct utmp).
|
|
*/
|
|
void dolastlog (
|
|
struct lastlog *ll,
|
|
const struct passwd *pw,
|
|
/*@unique@*/const char *line,
|
|
/*@unique@*/const char *host)
|
|
{
|
|
int fd;
|
|
off_t offset;
|
|
struct lastlog newlog;
|
|
time_t ll_time;
|
|
|
|
/*
|
|
* If the file does not exist, don't create it.
|
|
*/
|
|
|
|
fd = open (LASTLOG_FILE, O_RDWR);
|
|
if (-1 == fd) {
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* The file is indexed by UID number. Seek to the record
|
|
* for this UID. Negative UID's will create problems, but ...
|
|
*/
|
|
|
|
offset = (off_t) pw->pw_uid * sizeof newlog;
|
|
|
|
if (lseek (fd, offset, SEEK_SET) != offset) {
|
|
SYSLOG ((LOG_WARN,
|
|
"Can't read last lastlog entry for UID %lu in %s. Entry not updated.",
|
|
(unsigned long) pw->pw_uid, LASTLOG_FILE));
|
|
(void) close (fd);
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* Read the old entry so we can tell the user when they last
|
|
* logged in. Then construct the new entry and write it out
|
|
* the way we read the old one in.
|
|
*/
|
|
|
|
if (read (fd, (void *) &newlog, sizeof newlog) != (ssize_t) sizeof newlog) {
|
|
memzero (&newlog, sizeof newlog);
|
|
}
|
|
if (NULL != ll) {
|
|
*ll = newlog;
|
|
}
|
|
|
|
ll_time = newlog.ll_time;
|
|
(void) time (&ll_time);
|
|
newlog.ll_time = ll_time;
|
|
strncpy (newlog.ll_line, line, sizeof (newlog.ll_line) - 1);
|
|
#if HAVE_LL_HOST
|
|
strncpy (newlog.ll_host, host, sizeof (newlog.ll_host) - 1);
|
|
#endif
|
|
if ( (lseek (fd, offset, SEEK_SET) != offset)
|
|
|| (write (fd, (const void *) &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
|
|
|| (close (fd) != 0)) {
|
|
SYSLOG ((LOG_WARN,
|
|
"Can't write lastlog entry for UID %lu in %s.",
|
|
(unsigned long) pw->pw_uid, LASTLOG_FILE));
|
|
(void) close (fd);
|
|
}
|
|
}
|
|
|