author | Alejandro Colomar <alx@kernel.org> | 2023-03-13 00:41:00 +0100 |
---|---|---|
committer | Iker Pedrosa <ikerpedrosam@gmail.com> | 2023-03-28 13:00:38 +0200 |
commit | e27ca530912c9386f2a60656b4a2b713521f82b1 (patch) | |
tree | 3277c9c26cfcfabe21624eca843e7571fee23c05 | |
parent | 664d361fa549a3be5a00607ec6723f95ce33c688 (diff) |
Fix is_my_tty() buffer overrun
* libmisc/utmp.c (is_my_tty): Declare the parameter as a char array,
not char *, as it is not necessarily null-terminated.
Avoid a read overrun when reading 'tty', which comes from
'ut_utname'.
Reported-by: Paul Eggert <eggert@cs.ucla.edu>
Co-developed-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
-rw-r--r-- | libmisc/utmp.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/libmisc/utmp.c b/libmisc/utmp.c
index ff6acee0..b35382ef 100644
--- a/libmisc/utmp.c
+++ b/libmisc/utmp.c
@@ -28,17 +28,16 @@
 /*
 * is_my_tty -- determine if "tty" is the same TTY stdin is using
 */
-static bool is_my_tty (const char *tty)
+static bool is_my_tty (const char tty[UT_LINESIZE])
 {
- /* full_tty shall be at least sizeof utmp.ut_line + 5 */
- char full_tty[200];
+ char full_tty[STRLEN("/dev/") + UT_LINESIZE + 1];
 /* tmptty shall be bigger than full_tty */
- static char tmptty[sizeof (full_tty)+1];
+ static char tmptty[sizeof (full_tty)+1];
- if ('/' != *tty) {
- (void) snprintf (full_tty, sizeof full_tty, "/dev/%s", tty);
- tty = &full_tty[0];
- }
+ full_tty[0] = '\0';
+ if (tty[0] != '/')
+ strcpy (full_tty, "/dev/");
+ strncat (full_tty, tty, UT_LINESIZE);
 if ('\0' == tmptty[0]) {
 const char *tname = ttyname (STDIN_FILENO);
@@ -49,7 +48,7 @@ static bool is_my_tty (const char *tty)
 if ('\0' == tmptty[0]) {
 (void) puts (_("Unable to determine your tty name."));
 exit (EXIT_FAILURE);
- } else if (strncmp (tty, tmptty, sizeof (tmptty)) != 0) {
+ } else if (strncmp (full_tty, tmptty, sizeof (tmptty)) != 0) {
 return false;
 } else {
 return true; |
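Review bot: In the first hunk, `const char tty[UT_LINESIZE]` is still adjusted to a plain pointer by the compiler, so nothing enforces that callers pass a buffer of at least UT_LINESIZE bytes, and `strncat (full_tty, tty, UT_LINESIZE)` will read up to that many bytes when no NUL is found. The header comment above is_my_tty should state that contract, for example `* "tty" need not be NUL-terminated; at most UT_LINESIZE bytes are read`. The new `if (tty[0] != '/')` is also the only unbraced conditional visible in the function; bracing it as `if (tty[0] != '/') {` ... `}` matches the surrounding style and keeps the following strncat visibly outside the branch. The function body continues between and after the two hunks, so the callers and the code that fills tmptty were not checked here.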