src/logoutd.c: Fix theoretical buffer overrun
ut_line doesn't hold a string. It is a null-padded fixed-width array.
Luckily, I don't think there has ever existed a ut_line ("/dev/tty*")
that was 32 bytes long. That would have resulted in a buffer overrun.
Anyway, do the right thing, which is copying into a temporary string.
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
committed by
Iker Pedrosa
parent
2eceb4381c
commit
bbf1d9a800
+5
-3
@@ -43,17 +43,19 @@ static void send_mesg_to_tty (int tty_fd);
|
||||
*/
|
||||
static int check_login (const struct utmp *ut)
|
||||
{
|
||||
char user[sizeof (ut->ut_user) + 1];
|
||||
time_t now;
|
||||
char user[sizeof(ut->ut_user) + 1];
|
||||
char line[sizeof(ut->ut_line) + 1];
|
||||
time_t now;
|
||||
|
||||
ZUSTR2STP(user, ut->ut_user);
|
||||
ZUSTR2STP(line, ut->ut_line);
|
||||
|
||||
(void) time (&now);
|
||||
|
||||
/*
|
||||
* Check if they are allowed to be logged in right now.
|
||||
*/
|
||||
if (!isttytime (user, ut->ut_line, now)) {
|
||||
if (!isttytime(user, line, now)) {
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
||||
Reference in New Issue
Block a user