space for the NUL character, nevertheless there will always be some piece of
software that can get it wrong and corrupt the database, so we must take this
into consideration.
That being said, there is one strlcpy(3) that needs to be reverted back into
strncpy(3) + '\0' since if we try to use a bogus wtmp(5) file with ac(8) that
is big enough then the NUL char is not verified and it will write memory
out-of-bounds which will make the program crash.
discussed with and OK cheloha@ deraadt@
if ((up = malloc(sizeof(struct user_list))) == NULL)
err(1, "malloc");
up->next = head;
- strlcpy(up->name, name, sizeof (up->name));
+ strncpy(up->name, name, sizeof(up->name) - 1);
+ up->name[sizeof(up->name) - 1] = '\0';
up->secs = secs;
Total += secs;
return up;