From: mestre Date: Thu, 23 Aug 2018 06:27:54 +0000 (+0000) Subject: We can safely assume that our utmp(5) file format implementation can guarantee X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3b868dda3484415475e3b11617ea827a74427f70;p=openbsd We can safely assume that our utmp(5) file format implementation can guarantee space for the NUL character, nevertheless there will always be some piece of software that can get it wrong and corrupt the database, so we must take this into consideration. That being said, there is one strlcpy(3) that needs to be reverted back into strncpy(3) + '\0' since if we try to use a bogus wtmp(5) file with ac(8) that is big enough then the NUL char is not verified and it will write memory out-of-bounds which will make the program crash. discussed with and OK cheloha@ deraadt@ --- diff --git a/usr.sbin/ac/ac.c b/usr.sbin/ac/ac.c index f0005cea8a9..ed4f7ebefd8 100644 --- a/usr.sbin/ac/ac.c +++ b/usr.sbin/ac/ac.c @@ -187,7 +187,8 @@ update_user(struct user_list *head, char *name, time_t secs) if ((up = malloc(sizeof(struct user_list))) == NULL) err(1, "malloc"); up->next = head; - strlcpy(up->name, name, sizeof (up->name)); + strncpy(up->name, name, sizeof(up->name) - 1); + up->name[sizeof(up->name) - 1] = '\0'; up->secs = secs; Total += secs; return up;
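Review bot: the new strncpy(3) call in update_user() should carry a short comment saying that name may come from a wtmp(5) record with no terminating NUL. Without it, the pair of lines looks like a candidate for a later cleanup back to strlcpy(3), which is exactly what this commit reverts. Something like `/* name may lack a NUL (bogus wtmp), do not use strlcpy */` above the call would do. Two smaller points. First, the removed call passed sizeof (up->name) as the size, so the copy into up->name was already bounded. What strlcpy(3) does with an unterminated source is keep reading it to find its length, so the message's "write memory out-of-bounds" is worth rewording to describe a read past the end of the source. Second, strncpy(3) still reads up to sizeof(up->name) - 1 bytes from name, so the fix relies on the caller's buffer being at least that large. The caller is not visible in this hunk, so that size relationship is worth confirming or asserting.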