From venglin@freebsd.lublin.pl  Fri May  6 09:23:31 2005
Return-Path: <venglin@freebsd.lublin.pl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9A42016A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  6 May 2005 09:23:31 +0000 (GMT)
Received: from mailhost.freebsd.lublin.pl (mailhost.freebsd.lublin.pl [193.138.118.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D328E43D90
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  6 May 2005 09:23:30 +0000 (GMT)
	(envelope-from venglin@freebsd.lublin.pl)
Received: from lagoon.freebsd.lublin.pl (qmailr@lagoon.freebsd.lublin.pl [193.138.118.3])
	by mailhost.freebsd.lublin.pl (8.13.1/8.13.1) with SMTP id j469NTZP048112
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 6 May 2005 11:23:29 +0200 (CEST)
	(envelope-from venglin@freebsd.lublin.pl)
Received: (qmail 47945 invoked by uid 1001); 6 May 2005 09:23:29 -0000
Message-Id: <20050506092329.47889.qmail@lagoon.freebsd.lublin.pl>
Date: 6 May 2005 09:23:29 -0000
From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Reply-To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] Missing NULL termination after strncpy() in login(1)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         80687
>Category:       bin
>Synopsis:       [patch] Missing NULL termination after strncpy() in login(1)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 06 09:30:00 GMT 2005
>Closed-Date:    Thu May 01 05:18:55 UTC 2008
>Last-Modified:  Thu May 01 05:18:55 UTC 2008
>Originator:     Przemyslaw Frasunek
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
czuby.net
>Environment:
System: FreeBSD lagoon.freebsd.lublin.pl 4.11-STABLE FreeBSD 4.11-STABLE #0: Tue Feb 8 12:36:09 CET 2005 root@riget.scene.pl:/usr/src/sys/compile/RIGET i386

>Description:
	Similar to bin/80661
>How-To-Repeat:
	N/A
>Fix:
--- usr.bin/login/login.c.old   Fri May  6 11:20:19 2005
+++ usr.bin/login/login.c       Fri May  6 11:20:36 2005
@@ -512,10 +512,10 @@
        /* Nothing else left to fail -- really log in. */
        memset((void *)&utmp, 0, sizeof(utmp));
        (void)time(&utmp.ut_time);
-       (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
+       (void)strlcpy(utmp.ut_name, username, sizeof(utmp.ut_name));
        if (hostname)
-               (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
-       (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
+               (void)strlcpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
+       (void)strlcpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
        login(&utmp);

        dolastlog(quietlog);
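Review bot: strlcpy() with sizeof(utmp.ut_name) as the size stores at most sizeof(utmp.ut_name) - 1 characters, so on all three replaced lines a username, hostname or tty name that exactly fills its field now loses its last character. The memset() at the top of the hunk already zeroes utmp, so the strncpy() calls leave every shorter value NUL-padded and only a full-width value unterminated. If the fields are meant to be fixed-width and read with bounded calls, keep strncpy() and add a comment saying they are not guaranteed to be terminated; if they must be terminated, say in the PR that the maximum recorded length drops by one and name the reader that depends on it.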
@@ -1015,9 +1015,9 @@
                }
                memset((void *)&ll, 0, sizeof(ll));
                (void)time(&ll.ll_time);
-               (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
+               (void)strlcpy(ll.ll_line, tty, sizeof(ll.ll_line));
                if (hostname)
-                       (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));+                       (void)strlcpy(ll.ll_host, hostname, sizeof(ll.ll_host));                (void)write(fd, (char *)&ll, sizeof(ll));
                (void)close(fd);
        } else {
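Review bot: the ll record goes straight to the file through write(fd, (char *)&ll, sizeof(ll)), so switching ll_line and ll_host to strlcpy() changes the bytes stored for any tty or host name that fills its field, and nothing in this patch touches the code that reads those records back. Please state which reader needs a terminating NUL here; if none does, leave strncpy() in place, since the memset() above already pads shorter values.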

>Release-Note:
>Audit-Trail:

From: Bruce Evans <bde@zeta.org.au>
To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Cc: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: bin/80687: [patch] Missing NULL termination after strncpy() in
 login(1)
Date: Sat, 7 May 2005 04:18:34 +1000 (EST)

 On Fri, 6 May 2005, Przemyslaw Frasunek wrote:
 
 >> Description:
 > 	Similar to bin/80661
 >> How-To-Repeat:
 > 	N/A
 >> Fix:
 > --- usr.bin/login/login.c.old   Fri May  6 11:20:19 2005
 > +++ usr.bin/login/login.c       Fri May  6 11:20:36 2005
 > @@ -512,10 +512,10 @@
 >        /* Nothing else left to fail -- really log in. */
 >        memset((void *)&utmp, 0, sizeof(utmp));
 >        (void)time(&utmp.ut_time);
 > -       (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
 > +       (void)strlcpy(utmp.ut_name, username, sizeof(utmp.ut_name));
 >        if (hostname)
 > -               (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
 > -       (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
 > +               (void)strlcpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
 > +       (void)strlcpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
 >        login(&utmp);
 >
 >        dolastlog(quietlog);
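Review bot: the (void) casts kept on the new strlcpy() calls throw away the one thing strlcpy() adds over strncpy(), its return value, so a truncated username, hostname or tty is recorded without any sign that it was cut. If the change goes in, compare the result against the field size, for example strlcpy(...) >= sizeof(utmp.ut_name), and at least log the truncation.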
 
 The utmp names are apparently not strings, so terminating them just breaks
 recording of some names that work now.  Everything (?) uses strn*() to
 access these names, so non-strings in them work.  I logged in as a user
 with a 16-char username and at least the following programs displayed it
 correctly:
 
      w
      who
      last
      ps
 
 The bug seems to be just that the non-stringness of the names is not
 documented.
 
 Bruce
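The behaviour discussed in the reply above, as an added example that is not part of the original PR or of the FreeBSD sources: a fixed-width name field filled with strncpy() versus strlcpy() semantics, and a reader that bounds itself by the field width. struct rec, NAME_WIDTH, bounded_copy() and the other function names are hypothetical, and the 16-byte width is an assumption taken from the 16-char username mentioned in the reply.

```c
#include <stdio.h>
#include <string.h>
#define NAME_WIDTH 16                        /* assumed field width */
struct rec { char name[NAME_WIDTH]; };       /* hypothetical utmp-style record */

/* strlcpy() semantics written out, since not every libc ships strlcpy().
 * size is assumed to be greater than zero. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    size_t n = len < size - 1 ? len : size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len;                              /* len >= size means truncated */
}

/* Pre-patch pattern: zero the record, then strncpy(); a full-width name
 * fills the field and leaves no terminating NUL. */
static void store_fixed(struct rec *r, const char *user)
{
    memset(r, 0, sizeof(*r));
    strncpy(r->name, user, sizeof(r->name));
}

/* Patched pattern: always terminated, so one usable byte is lost. */
static size_t store_terminated(struct rec *r, const char *user)
{
    memset(r, 0, sizeof(*r));
    return bounded_copy(r->name, user, sizeof(r->name));
}

/* Width-bounded reader; out must hold NAME_WIDTH + 1 bytes. */
static size_t read_name(const struct rec *r, char *out)
{
    const char *end = memchr(r->name, '\0', sizeof(r->name));
    size_t n = end ? (size_t)(end - r->name) : sizeof(r->name);
    memcpy(out, r->name, n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    struct rec r; char out[NAME_WIDTH + 1];
    const char *user = "sixteencharuser1";   /* constructed 16-character login */
    store_fixed(&r, user);
    printf("strncpy: %zu chars: %.*s\n", read_name(&r, out), NAME_WIDTH, r.name);
    size_t want = store_terminated(&r, user);
    printf("strlcpy: %zu of %zu chars: %s\n", read_name(&r, out), want, out);
    return 0;
}
```

A reader that passes r.name to strlen() or a plain %s would run past the field after store_fixed(), which is the case the missing documentation should warn about.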
State-Changed-From-To: open->suspended 
State-Changed-By: vwe 
State-Changed-When: Wed Mar 12 02:41:49 UTC 2008 
State-Changed-Why:  

Suspend this. The patch is RELENG_4 specific (code does not have anything in 
common with anything since RELENG_5 and up). 
Also according to Bruce, the patch is believed to be not needed or wrong (to be investigated, if one wants to).

http://www.freebsd.org/cgi/query-pr.cgi?pr=80687 
State-Changed-From-To: suspended->closed 
State-Changed-By: linimon 
State-Changed-When: Thu May 1 05:17:51 UTC 2008 
State-Changed-Why:  
With bugmeister hat on, close this.  It is believed to be RELENG_4 specific. 

>Unformatted:
