Date: Mon, 01 Jan 2018 00:00:00 -0000
To: libc-stable@sourceware.org
Subject: [2.26 COMMITTED] Avoid use of strlen in getlogin_r (bug 22447).
Message-Id: <20181022130138.EB8504399457D@oldenburg.str.redhat.com>
From: fweimer@redhat.com (Florian Weimer)

From: Joseph Myers

Building glibc with current mainline GCC fails, among other reasons, because of an error for use of strlen on the nonstring ut_user field. This patch changes the problem code in getlogin_r to use __strnlen instead. It also needs to set the trailing NUL byte of the result explicitly, because of the case where ut_user does not have such a trailing NUL byte (but the result should always have one).

Tested for x86_64. Also tested that, in conjunction with , it fixes the build for arm with mainline GCC.

[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not strlen to compute length of ut_user and set trailing NUL byte of result explicitly.

(cherry picked from commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c)

2017-11-22 Joseph Myers

[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not strlen to compute length of ut_user and set trailing NUL byte of result explicitly.

diff --git a/NEWS b/NEWS index 33bc5196c8..5569e8d8d2 100644 --- a/NEWS +++ b/NEWS @@ -127,6 +127,7 @@ The following bugs are resolved with this release: [22375] malloc returns pointer from tcache instead of NULL (CVE-2017-17426) [22377] Provide a C++ version of iseqsig [22442] if_nametoindex: Check length of ifname before copying it + [22447] Avoid use of strlen in getlogin_r [22627] $ORIGIN in $LD_LIBRARY_PATH is substituted twice [22636] PTHREAD_STACK_MIN is too small on x86-64 [22637] nptl: Fix stack guard size accounting
diff --git a/sysdeps/unix/getlogin_r.c b/sysdeps/unix/getlogin_r.c index 4a6a40eeb2..ad8e9111f6 100644 --- a/sysdeps/unix/getlogin_r.c +++ b/sysdeps/unix/getlogin_r.c @@ -80,7 +80,7 @@ __getlogin_r (char *name, size_t name_len) if (result == 0) { - size_t needed = strlen (ut->ut_user) + 1; + size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; if (needed > name_len) { @@ -89,7 +89,8 @@ __getlogin_r (char *name, size_t name_len) } else { - memcpy (name, ut->ut_user, needed); + memcpy (name, ut->ut_user, needed - 1); + name[needed - 1] = 0; result = 0; } }
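
Review bot: in the `@@ -80,7 +80,7 @@` hunk of sysdeps/unix/getlogin_r.c, the bound passed to `__strnlen` is the macro `UT_NAMESIZE` rather than the size of the field being read. Writing it as `__strnlen (ut->ut_user, sizeof (ut->ut_user))` would keep the bound tied to the array itself if its declaration ever changes. With `needed` now capped at the bound plus one, the existing `needed > name_len` check still guarantees room for the terminator that the later hunk writes at `name[needed - 1]`.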
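
Review bot: in the `@@ -89,7 +89,8 @@` hunk, the split into `memcpy (name, ut->ut_user, needed - 1);` followed by `name[needed - 1] = 0;` carries no comment explaining why the terminator is written separately. A one-line comment noting that ut_user may fill the whole field without a trailing NUL would stop a later cleanup from folding the two statements back into a single memcpy of `needed` bytes, which would read one byte past the field in exactly that case. The patch touches only NEWS and getlogin_r.c, so nothing exercises a login name that fills ut_user completely; a test for that case would be worth adding. As a style point, `'\0'` reads more clearly than `0` for the terminator.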