public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/26657] New: strncpy in login/login.c line 114 might leave the destination string unterminate
@ 2020-09-23 11:57 xiechengliang1 at huawei dot com
2020-09-23 12:10 ` [Bug libc/26657] " schwab@linux-m68k.org
2020-09-23 12:42 ` fweimer at redhat dot com
0 siblings, 2 replies; 3+ messages in thread
From: xiechengliang1 at huawei dot com @ 2020-09-23 11:57 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26657
Bug ID: 26657
Summary: strncpy in login/login.c line 114 might leave the
destination string unterminate
Product: glibc
Version: 2.31
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: xiechengliang1 at huawei dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
The glibc-2.31/login/login.c 114 line contains the following code:
strncpy (copy.ut_line, ttyp, UT_LINESIZE);
The UT_LINESIZE size is 32 bytes,and the size of the destination array
"copy.ut_line" is also 32 bytes. The code cannot ensure that the "ttyp" ends
with '\0'. so calling "strncpy" might leave the destination string
unterminated. When strlen is used to obtain the length of the "copy.ut_line"
array, a buffer overflow occurs.
Consider setting the 32nd bit of the "copy.ut_line" array to '\0' to fix it.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug libc/26657] strncpy in login/login.c line 114 might leave the destination string unterminate
2020-09-23 11:57 [Bug libc/26657] New: strncpy in login/login.c line 114 might leave the destination string unterminate xiechengliang1 at huawei dot com
@ 2020-09-23 12:10 ` schwab@linux-m68k.org
2020-09-23 12:42 ` fweimer at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: schwab@linux-m68k.org @ 2020-09-23 12:10 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26657
Andreas Schwab <schwab@linux-m68k.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Andreas Schwab <schwab@linux-m68k.org> ---
This is not a bug. The fields in the utmp file are not strings, but fixed size
records.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug libc/26657] strncpy in login/login.c line 114 might leave the destination string unterminate
2020-09-23 11:57 [Bug libc/26657] New: strncpy in login/login.c line 114 might leave the destination string unterminate xiechengliang1 at huawei dot com
2020-09-23 12:10 ` [Bug libc/26657] " schwab@linux-m68k.org
@ 2020-09-23 12:42 ` fweimer at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: fweimer at redhat dot com @ 2020-09-23 12:42 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26657
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
CC| |fweimer at redhat dot com
--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
And this why we have marked those strings with the nonstring attribute. In case
you use a static analysis tool to catch these issues, you should teach it about
the attribute, so that the tool does not issue such false reports.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-09-23 12:42 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-23 11:57 [Bug libc/26657] New: strncpy in login/login.c line 114 might leave the destination string unterminate xiechengliang1 at huawei dot com
2020-09-23 12:10 ` [Bug libc/26657] " schwab@linux-m68k.org
2020-09-23 12:42 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).