[PATCH] login: Limit strncpy to one less than buffer size

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

* [PATCH] login: Limit strncpy to one less than buffer size
@ 2021-05-11 17:17 Siddhesh Poyarekar
  2021-05-11 17:22 ` Florian Weimer
  2021-05-11 17:34 ` Andreas Schwab
  0 siblings, 2 replies; 4+ messages in thread
From: Siddhesh Poyarekar @ 2021-05-11 17:17 UTC (permalink / raw)
  To: libc-alpha

Avoid posibility of ut_line being an unterminated string.
---
 login/login.c   | 2 +-
 login/logout.c  | 2 +-
 login/logwtmp.c | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/login/login.c b/login/login.c
index d280c13f1f..0822d36753 100644
--- a/login/login.c
+++ b/login/login.c
@@ -111,7 +111,7 @@ login (const struct utmp *ut)
 	ttyp = basename (tty);
 
       /* Position to record for this tty.  */
-      strncpy (copy.ut_line, ttyp, UT_LINESIZE);
+      strncpy (copy.ut_line, ttyp, sizeof (copy.ut_line) - 1);
 
       /* Tell that we want to use the UTMP file.  */
       if (utmpname (_PATH_UTMP) == 0)
diff --git a/login/logout.c b/login/logout.c
index 3def97fc83..8978bd32bf 100644
--- a/login/logout.c
+++ b/login/logout.c
@@ -38,7 +38,7 @@ logout (const char *line)
 
   /* Fill in search information.  */
   tmp.ut_type = USER_PROCESS;
-  strncpy (tmp.ut_line, line, sizeof tmp.ut_line);
+  strncpy (tmp.ut_line, line, sizeof (tmp.ut_line) - 1);
 
   /* Read the record.  */
   if (getutline_r (&tmp, &utbuf, &ut) >= 0)
diff --git a/login/logwtmp.c b/login/logwtmp.c
index 1a7c46e9c0..bb8f13852d 100644
--- a/login/logwtmp.c
+++ b/login/logwtmp.c
@@ -33,9 +33,9 @@ logwtmp (const char *line, const char *name, const char *host)
   memset (&ut, 0, sizeof (ut));
   ut.ut_pid = getpid ();
   ut.ut_type = name[0] ? USER_PROCESS : DEAD_PROCESS;
-  strncpy (ut.ut_line, line, sizeof ut.ut_line);
-  strncpy (ut.ut_name, name, sizeof ut.ut_name);
-  strncpy (ut.ut_host, host, sizeof ut.ut_host);
+  strncpy (ut.ut_line, line, sizeof (ut.ut_line) - 1);
+  strncpy (ut.ut_name, name, sizeof (ut.ut_name) - 1);
+  strncpy (ut.ut_host, host, sizeof (ut.ut_host) - 1);
 
   struct __timespec64 ts;
   __clock_gettime64 (CLOCK_REALTIME, &ts);
-- 
2.31.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] login: Limit strncpy to one less than buffer size
  2021-05-11 17:17 [PATCH] login: Limit strncpy to one less than buffer size Siddhesh Poyarekar
@ 2021-05-11 17:22 ` Florian Weimer
  2021-05-11 17:52   ` Siddhesh Poyarekar
  2021-05-11 17:34 ` Andreas Schwab
  1 sibling, 1 reply; 4+ messages in thread
From: Florian Weimer @ 2021-05-11 17:22 UTC (permalink / raw)
  To: Siddhesh Poyarekar via Libc-alpha; +Cc: Siddhesh Poyarekar

* Siddhesh Poyarekar via Libc-alpha:

> Avoid posibility of ut_line being an unterminated string.
> ---
>  login/login.c   | 2 +-
>  login/logout.c  | 2 +-
>  login/logwtmp.c | 6 +++---
>  3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/login/login.c b/login/login.c
> index d280c13f1f..0822d36753 100644
> --- a/login/login.c
> +++ b/login/login.c
> @@ -111,7 +111,7 @@ login (const struct utmp *ut)
>  	ttyp = basename (tty);
>  
>        /* Position to record for this tty.  */
> -      strncpy (copy.ut_line, ttyp, UT_LINESIZE);
> +      strncpy (copy.ut_line, ttyp, sizeof (copy.ut_line) - 1);

ut_line is annotated with __attribute_nonstring__, so an untermined
string is expected there.  If this came out of a static analysis tool,
the tool needs to be taught about the attribute. 8-)

Thanks,
Florian


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] login: Limit strncpy to one less than buffer size
  2021-05-11 17:17 [PATCH] login: Limit strncpy to one less than buffer size Siddhesh Poyarekar
  2021-05-11 17:22 ` Florian Weimer
@ 2021-05-11 17:34 ` Andreas Schwab
  1 sibling, 0 replies; 4+ messages in thread
From: Andreas Schwab @ 2021-05-11 17:34 UTC (permalink / raw)
  To: Siddhesh Poyarekar via Libc-alpha; +Cc: Siddhesh Poyarekar

On Mai 11 2021, Siddhesh Poyarekar via Libc-alpha wrote:

> Avoid posibility of ut_line being an unterminated string.

But they _are_.

  char ut_line[__UT_LINESIZE]
    __attribute_nonstring__;	/* Devicename.  */
  char ut_id[4]
    __attribute_nonstring__;	/* Inittab ID.  */
  char ut_user[__UT_NAMESIZE]
    __attribute_nonstring__;	/* Username.  */
  char ut_host[__UT_HOSTSIZE]
    __attribute_nonstring__;	/* Hostname for remote login.  */

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] login: Limit strncpy to one less than buffer size
  2021-05-11 17:22 ` Florian Weimer
@ 2021-05-11 17:52   ` Siddhesh Poyarekar
  0 siblings, 0 replies; 4+ messages in thread
From: Siddhesh Poyarekar @ 2021-05-11 17:52 UTC (permalink / raw)
  To: Florian Weimer, Siddhesh Poyarekar via Libc-alpha

On 5/11/21 10:52 PM, Florian Weimer via Libc-alpha wrote:
> * Siddhesh Poyarekar via Libc-alpha:
> 
>> Avoid posibility of ut_line being an unterminated string.
>> ---
>>   login/login.c   | 2 +-
>>   login/logout.c  | 2 +-
>>   login/logwtmp.c | 6 +++---
>>   3 files changed, 5 insertions(+), 5 deletions(-)
>>
>> diff --git a/login/login.c b/login/login.c
>> index d280c13f1f..0822d36753 100644
>> --- a/login/login.c
>> +++ b/login/login.c
>> @@ -111,7 +111,7 @@ login (const struct utmp *ut)
>>   	ttyp = basename (tty);
>>   
>>         /* Position to record for this tty.  */
>> -      strncpy (copy.ut_line, ttyp, UT_LINESIZE);
>> +      strncpy (copy.ut_line, ttyp, sizeof (copy.ut_line) - 1);
> 
> ut_line is annotated with __attribute_nonstring__, so an untermined
> string is expected there.  If this came out of a static analysis tool,
> the tool needs to be taught about the attribute. 8-)

Uff, yes indeed; I did the lazy thing of just reading the grep result 
from the header and not actually reading the full definition :/

I'll drop this patch.

Siddhesh

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-05-11 17:52 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-11 17:17 [PATCH] login: Limit strncpy to one less than buffer size Siddhesh Poyarekar
2021-05-11 17:22 ` Florian Weimer
2021-05-11 17:52   ` Siddhesh Poyarekar
2021-05-11 17:34 ` Andreas Schwab

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).