2007-10-07 11:44:02 +00:00
|
|
|
/*
|
2021-12-05 09:35:27 -06:00
|
|
|
* SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
|
|
|
|
* SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz
|
|
|
|
* SPDX-FileCopyrightText: 2001 - 2005, Tomasz Kłoczko
|
|
|
|
* SPDX-FileCopyrightText: 2008 - 2009, Nicolas François
|
2007-10-07 11:44:02 +00:00
|
|
|
*
|
2021-12-05 09:35:27 -06:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#include "defines.h"
|
2008-01-05 13:23:22 +00:00
|
|
|
#include "prototypes.h"
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2018-06-24 00:13:12 -05:00
|
|
|
#include <utmp.h>
|
2009-04-21 22:39:14 +00:00
|
|
|
#include <assert.h>
|
2022-09-28 23:19:37 +02:00
|
|
|
#include <sys/param.h>
|
2013-08-07 02:17:52 +02:00
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/socket.h>
|
2009-04-21 22:39:14 +00:00
|
|
|
#include <netdb.h>
|
2007-10-07 11:44:02 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
2007-11-10 23:46:11 +00:00
|
|
|
#ident "$Id$"
|
2007-10-07 11:47:01 +00:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2008-11-22 23:56:11 +00:00
|
|
|
/*
|
|
|
|
* is_my_tty -- determine if "tty" is the same TTY stdin is using
|
|
|
|
*/
|
|
|
|
static bool is_my_tty (const char *tty)
|
|
|
|
{
|
2009-04-22 20:57:29 +00:00
|
|
|
/* full_tty shall be at least sizeof utmp.ut_line + 5 */
|
2008-11-22 23:56:11 +00:00
|
|
|
char full_tty[200];
|
2009-04-22 20:57:29 +00:00
|
|
|
/* tmptty shall be bigger than full_tty */
|
|
|
|
static char tmptty[sizeof (full_tty)+1];
|
2008-11-22 23:56:11 +00:00
|
|
|
|
|
|
|
if ('/' != *tty) {
|
2009-04-22 20:57:29 +00:00
|
|
|
(void) snprintf (full_tty, sizeof full_tty, "/dev/%s", tty);
|
|
|
|
tty = &full_tty[0];
|
2008-11-22 23:56:11 +00:00
|
|
|
}
|
|
|
|
|
2009-04-22 20:57:29 +00:00
|
|
|
if ('\0' == tmptty[0]) {
|
|
|
|
const char *tname = ttyname (STDIN_FILENO);
|
Use strlcpy(3) instead of its pattern
- Since strncpy(3) is not designed to write strings, but rather
(null-padded) character sequences (a.k.a. unterminated strings), we
had to manually append a '\0'. strlcpy(3) creates strings, so they
are always terminated. This removes dependencies between lines, and
also removes chances of accidents.
- Repurposing strncpy(3) to create strings requires calculating the
location of the terminating null byte, which involves a '-1'
calculation. This is a source of off-by-one bugs. The new code has
no '-1' calculations, so there's almost-zero chance of these bugs.
- strlcpy(3) doesn't padd with null bytes. Padding is relevant when
writing fixed-width buffers to binary files, when interfacing certain
APIs (I believe utmpx requires null padding at lease in some
systems), or when sending them to other processes or through the
network. This is not the case, so padding is effectively ignored.
- strlcpy(3) requires that the input string is really a string;
otherwise it crashes (SIGSEGV). Let's check if the input strings are
really strings:
- lib/fields.c:
- 'cp' was assigned from 'newft', and 'newft' comes from fgets(3).
- lib/gshadow.c:
- strlen(string) is calculated a few lines above.
- libmisc/console.c:
- 'cons' comes from getdef_str, which is a bit cryptic, but seems
to generate strings, I guess.1
- libmisc/date_to_str.c:
- It receives a string literal. :)
- libmisc/utmp.c:
- 'tname' comes from ttyname(3), which returns a string.
- src/su.c:
- 'tmp_name' has been passed to strcmp(3) a few lines above.
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2022-12-16 04:13:53 +01:00
|
|
|
if (NULL != tname)
|
|
|
|
(void) strlcpy (tmptty, tname, sizeof tmptty);
|
2008-11-22 23:56:11 +00:00
|
|
|
}
|
|
|
|
|
2009-09-07 19:50:00 +00:00
|
|
|
if ('\0' == tmptty[0]) {
|
2009-04-21 22:39:14 +00:00
|
|
|
(void) puts (_("Unable to determine your tty name."));
|
|
|
|
exit (EXIT_FAILURE);
|
2009-04-22 20:57:29 +00:00
|
|
|
} else if (strncmp (tty, tmptty, sizeof (tmptty)) != 0) {
|
2008-11-22 23:56:11 +00:00
|
|
|
return false;
|
|
|
|
} else {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/*
|
2009-04-21 22:39:14 +00:00
|
|
|
* get_current_utmp - return the most probable utmp entry for the current
|
|
|
|
* session
|
2007-10-07 11:44:02 +00:00
|
|
|
*
|
2009-04-21 22:39:14 +00:00
|
|
|
* The utmp file is scanned for an entry with the same process ID.
|
2017-10-22 19:10:41 +00:00
|
|
|
* The line entered by the *getty / telnetd, etc. should also match
|
2009-04-21 22:39:14 +00:00
|
|
|
* the current terminal.
|
2007-10-07 11:44:02 +00:00
|
|
|
*
|
2009-04-21 22:39:14 +00:00
|
|
|
* When an entry is returned by get_current_utmp, and if the utmp
|
|
|
|
* structure has a ut_id field, this field should be used to update
|
|
|
|
* the entry information.
|
|
|
|
*
|
|
|
|
* Return NULL if no entries exist in utmp for the current process.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
/*@null@*/ /*@only@*/struct utmp *get_current_utmp (void)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
|
|
|
struct utmp *ut;
|
2009-04-21 22:39:14 +00:00
|
|
|
struct utmp *ret = NULL;
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2007-10-07 11:45:23 +00:00
|
|
|
setutent ();
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* First, try to find a valid utmp entry for this process. */
|
2008-11-22 23:56:11 +00:00
|
|
|
while ((ut = getutent ()) != NULL) {
|
2009-04-21 22:39:14 +00:00
|
|
|
if ( (ut->ut_pid == getpid ())
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_ID
|
2008-06-17 21:13:30 +00:00
|
|
|
&& ('\0' != ut->ut_id[0])
|
2009-04-21 22:39:14 +00:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_TYPE
|
2008-06-17 21:13:30 +00:00
|
|
|
&& ( (LOGIN_PROCESS == ut->ut_type)
|
2008-11-22 23:56:11 +00:00
|
|
|
|| (USER_PROCESS == ut->ut_type))
|
2009-04-21 22:39:14 +00:00
|
|
|
#endif
|
2008-11-22 23:56:11 +00:00
|
|
|
/* A process may have failed to close an entry
|
2009-04-17 21:25:30 +00:00
|
|
|
* Check if this entry refers to the current tty */
|
2008-11-22 23:56:11 +00:00
|
|
|
&& is_my_tty (ut->ut_line)) {
|
2007-10-07 11:44:02 +00:00
|
|
|
break;
|
2008-06-17 21:13:30 +00:00
|
|
|
}
|
2008-11-22 23:56:11 +00:00
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2008-06-17 21:13:30 +00:00
|
|
|
if (NULL != ut) {
|
2009-04-22 20:59:23 +00:00
|
|
|
ret = (struct utmp *) xmalloc (sizeof (*ret));
|
2009-04-21 22:39:14 +00:00
|
|
|
memcpy (ret, ut, sizeof (*ret));
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
2009-04-17 21:25:30 +00:00
|
|
|
|
2009-04-19 15:28:38 +00:00
|
|
|
endutent ();
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2009-04-21 22:39:14 +00:00
|
|
|
return ret;
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
2018-06-24 00:13:12 -05:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2012-05-18 17:57:52 +00:00
|
|
|
#ifndef USE_PAM
|
2007-10-07 11:44:02 +00:00
|
|
|
/*
|
|
|
|
* Some systems already have updwtmp() and possibly updwtmpx(). Others
|
2009-04-21 22:39:14 +00:00
|
|
|
* don't, so we re-implement these functions if necessary.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
|
|
|
#ifndef HAVE_UPDWTMP
|
2007-10-07 11:45:23 +00:00
|
|
|
static void updwtmp (const char *filename, const struct utmp *ut)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
|
|
|
int fd;
|
|
|
|
|
2007-10-07 11:45:23 +00:00
|
|
|
fd = open (filename, O_APPEND | O_WRONLY, 0);
|
2007-10-07 11:44:02 +00:00
|
|
|
if (fd >= 0) {
|
2023-02-01 13:50:48 +01:00
|
|
|
write (fd, ut, sizeof (*ut));
|
2007-10-07 11:45:23 +00:00
|
|
|
close (fd);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
}
|
2007-10-07 11:45:23 +00:00
|
|
|
#endif /* ! HAVE_UPDWTMP */
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2012-05-18 17:57:52 +00:00
|
|
|
#endif /* ! USE_PAM */
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
|
2009-04-21 22:39:14 +00:00
|
|
|
/*
|
|
|
|
* prepare_utmp - prepare an utmp entry so that it can be logged in a
|
|
|
|
* utmp/wtmp file.
|
|
|
|
*
|
2009-04-22 21:02:46 +00:00
|
|
|
* It accepts an utmp entry in input (ut) to return an entry with
|
2009-04-21 22:39:14 +00:00
|
|
|
* the right ut_id. This is typically an entry returned by
|
|
|
|
* get_current_utmp
|
2009-04-22 21:02:46 +00:00
|
|
|
* If ut is NULL, ut_id will be forged based on the line argument.
|
2009-04-21 22:39:14 +00:00
|
|
|
*
|
2009-04-22 21:02:46 +00:00
|
|
|
* The ut_host field of the input structure may also be kept, and is
|
|
|
|
* used to define the ut_addr/ut_addr_v6 fields. (if these fields
|
|
|
|
* exist)
|
2009-04-21 22:39:14 +00:00
|
|
|
*
|
|
|
|
* Other fields are discarded and filed with new values (if they
|
|
|
|
* exist).
|
|
|
|
*
|
|
|
|
* The returned structure shall be freed by the caller.
|
|
|
|
*/
|
2009-04-22 21:07:33 +00:00
|
|
|
/*@only@*/struct utmp *prepare_utmp (const char *name,
|
2009-04-27 20:06:25 +00:00
|
|
|
const char *line,
|
|
|
|
const char *host,
|
|
|
|
/*@null@*/const struct utmp *ut)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
2009-04-21 22:39:14 +00:00
|
|
|
struct timeval tv;
|
|
|
|
char *hostname = NULL;
|
|
|
|
struct utmp *utent;
|
|
|
|
|
|
|
|
assert (NULL != name);
|
|
|
|
assert (NULL != line);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ( (NULL != host)
|
2009-04-22 21:04:16 +00:00
|
|
|
&& ('\0' != host[0])) {
|
2009-04-21 22:39:14 +00:00
|
|
|
hostname = (char *) xmalloc (strlen (host) + 1);
|
|
|
|
strcpy (hostname, host);
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_HOST
|
2009-04-22 21:02:46 +00:00
|
|
|
} else if ( (NULL != ut)
|
2009-04-21 22:39:14 +00:00
|
|
|
&& ('\0' != ut->ut_host[0])) {
|
|
|
|
hostname = (char *) xmalloc (sizeof (ut->ut_host) + 1);
|
|
|
|
strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
|
|
|
|
hostname[sizeof (ut->ut_host)] = '\0';
|
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_HOST */
|
2008-06-17 21:13:30 +00:00
|
|
|
}
|
|
|
|
|
2009-04-21 22:39:14 +00:00
|
|
|
if (strncmp(line, "/dev/", 5) == 0) {
|
|
|
|
line += 5;
|
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
|
2009-04-21 22:39:14 +00:00
|
|
|
utent = (struct utmp *) xmalloc (sizeof (*utent));
|
|
|
|
memzero (utent, sizeof (*utent));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_TYPE
|
|
|
|
utent->ut_type = USER_PROCESS;
|
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_TYPE */
|
|
|
|
utent->ut_pid = getpid ();
|
Fix covscan BUFFER_SIZE
Error: BUFFER_SIZE (CWE-170): [#def6]
shadow-4.8.1/libmisc/failure.c:101: buffer_size_warning: Calling "strncpy" with a maximum size argument of 12 bytes on destination array "fl->fail_line" of size 12 bytes might leave the destination string unterminated.
99| }
100|
101|-> strncpy (fl->fail_line, tty, sizeof fl->fail_line);
102| (void) time (&fl->fail_time);
103|
Error: BUFFER_SIZE (CWE-170): [#def9]
shadow-4.8.1/libmisc/log.c:103: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "newlog.ll_line" of size 32 bytes might leave the destination string unterminated.
101| (void) time (&ll_time);
102| newlog.ll_time = ll_time;
103|-> strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105| strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
Error: BUFFER_SIZE (CWE-170): [#def10]
shadow-4.8.1/libmisc/log.c:105: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "newlog.ll_host" of size 256 bytes might leave the destination string unterminated.
103| strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105|-> strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
106| #endif
107| if ( (lseek (fd, offset, SEEK_SET) != offset)
Error: BUFFER_SIZE (CWE-170): [#def13]
shadow-4.8.1/libmisc/utmp.c:260: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_line" of size 32 bytes might leave the destination string unterminated.
258| #endif /* HAVE_STRUCT_UTMP_UT_TYPE */
259| utent->ut_pid = getpid ();
260|-> strncpy (utent->ut_line, line, sizeof (utent->ut_line));
261| #ifdef HAVE_STRUCT_UTMP_UT_ID
262| if (NULL != ut) {
Error: BUFFER_SIZE (CWE-170): [#def14]
shadow-4.8.1/libmisc/utmp.c:266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 4 bytes on destination array "utent->ut_id" of size 4 bytes might leave the destination string unterminated.
264| } else {
265| /* XXX - assumes /dev/tty?? */
266|-> strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id));
267| }
268| #endif /* HAVE_STRUCT_UTMP_UT_ID */
Error: BUFFER_SIZE (CWE-170): [#def15]
shadow-4.8.1/libmisc/utmp.c:273: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_user" of size 32 bytes might leave the destination string unterminated.
271| #endif /* HAVE_STRUCT_UTMP_UT_NAME */
272| #ifdef HAVE_STRUCT_UTMP_UT_USER
273|-> strncpy (utent->ut_user, name, sizeof (utent->ut_user));
274| #endif /* HAVE_STRUCT_UTMP_UT_USER */
275| if (NULL != hostname) {
Error: BUFFER_SIZE (CWE-170): [#def16]
shadow-4.8.1/libmisc/utmp.c:278: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "utent->ut_host" of size 256 bytes might leave the destination string unterminated.
276| struct addrinfo *info = NULL;
277| #ifdef HAVE_STRUCT_UTMP_UT_HOST
278|-> strncpy (utent->ut_host, hostname, sizeof (utent->ut_host));
279| #endif /* HAVE_STRUCT_UTMP_UT_HOST */
280| #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-06-16 09:50:53 +02:00
|
|
|
strncpy (utent->ut_line, line, sizeof (utent->ut_line) - 1);
|
2009-04-21 22:39:14 +00:00
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_ID
|
2009-04-22 21:02:46 +00:00
|
|
|
if (NULL != ut) {
|
|
|
|
strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id));
|
|
|
|
} else {
|
|
|
|
/* XXX - assumes /dev/tty?? */
|
Fix covscan BUFFER_SIZE
Error: BUFFER_SIZE (CWE-170): [#def6]
shadow-4.8.1/libmisc/failure.c:101: buffer_size_warning: Calling "strncpy" with a maximum size argument of 12 bytes on destination array "fl->fail_line" of size 12 bytes might leave the destination string unterminated.
99| }
100|
101|-> strncpy (fl->fail_line, tty, sizeof fl->fail_line);
102| (void) time (&fl->fail_time);
103|
Error: BUFFER_SIZE (CWE-170): [#def9]
shadow-4.8.1/libmisc/log.c:103: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "newlog.ll_line" of size 32 bytes might leave the destination string unterminated.
101| (void) time (&ll_time);
102| newlog.ll_time = ll_time;
103|-> strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105| strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
Error: BUFFER_SIZE (CWE-170): [#def10]
shadow-4.8.1/libmisc/log.c:105: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "newlog.ll_host" of size 256 bytes might leave the destination string unterminated.
103| strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105|-> strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
106| #endif
107| if ( (lseek (fd, offset, SEEK_SET) != offset)
Error: BUFFER_SIZE (CWE-170): [#def13]
shadow-4.8.1/libmisc/utmp.c:260: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_line" of size 32 bytes might leave the destination string unterminated.
258| #endif /* HAVE_STRUCT_UTMP_UT_TYPE */
259| utent->ut_pid = getpid ();
260|-> strncpy (utent->ut_line, line, sizeof (utent->ut_line));
261| #ifdef HAVE_STRUCT_UTMP_UT_ID
262| if (NULL != ut) {
Error: BUFFER_SIZE (CWE-170): [#def14]
shadow-4.8.1/libmisc/utmp.c:266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 4 bytes on destination array "utent->ut_id" of size 4 bytes might leave the destination string unterminated.
264| } else {
265| /* XXX - assumes /dev/tty?? */
266|-> strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id));
267| }
268| #endif /* HAVE_STRUCT_UTMP_UT_ID */
Error: BUFFER_SIZE (CWE-170): [#def15]
shadow-4.8.1/libmisc/utmp.c:273: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_user" of size 32 bytes might leave the destination string unterminated.
271| #endif /* HAVE_STRUCT_UTMP_UT_NAME */
272| #ifdef HAVE_STRUCT_UTMP_UT_USER
273|-> strncpy (utent->ut_user, name, sizeof (utent->ut_user));
274| #endif /* HAVE_STRUCT_UTMP_UT_USER */
275| if (NULL != hostname) {
Error: BUFFER_SIZE (CWE-170): [#def16]
shadow-4.8.1/libmisc/utmp.c:278: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "utent->ut_host" of size 256 bytes might leave the destination string unterminated.
276| struct addrinfo *info = NULL;
277| #ifdef HAVE_STRUCT_UTMP_UT_HOST
278|-> strncpy (utent->ut_host, hostname, sizeof (utent->ut_host));
279| #endif /* HAVE_STRUCT_UTMP_UT_HOST */
280| #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-06-16 09:50:53 +02:00
|
|
|
strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id) - 1);
|
2009-04-22 21:02:46 +00:00
|
|
|
}
|
2009-04-21 22:39:14 +00:00
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_ID */
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_NAME
|
|
|
|
strncpy (utent->ut_name, name, sizeof (utent->ut_name));
|
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_NAME */
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_USER
|
Fix covscan BUFFER_SIZE
Error: BUFFER_SIZE (CWE-170): [#def6]
shadow-4.8.1/libmisc/failure.c:101: buffer_size_warning: Calling "strncpy" with a maximum size argument of 12 bytes on destination array "fl->fail_line" of size 12 bytes might leave the destination string unterminated.
99| }
100|
101|-> strncpy (fl->fail_line, tty, sizeof fl->fail_line);
102| (void) time (&fl->fail_time);
103|
Error: BUFFER_SIZE (CWE-170): [#def9]
shadow-4.8.1/libmisc/log.c:103: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "newlog.ll_line" of size 32 bytes might leave the destination string unterminated.
101| (void) time (&ll_time);
102| newlog.ll_time = ll_time;
103|-> strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105| strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
Error: BUFFER_SIZE (CWE-170): [#def10]
shadow-4.8.1/libmisc/log.c:105: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "newlog.ll_host" of size 256 bytes might leave the destination string unterminated.
103| strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105|-> strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
106| #endif
107| if ( (lseek (fd, offset, SEEK_SET) != offset)
Error: BUFFER_SIZE (CWE-170): [#def13]
shadow-4.8.1/libmisc/utmp.c:260: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_line" of size 32 bytes might leave the destination string unterminated.
258| #endif /* HAVE_STRUCT_UTMP_UT_TYPE */
259| utent->ut_pid = getpid ();
260|-> strncpy (utent->ut_line, line, sizeof (utent->ut_line));
261| #ifdef HAVE_STRUCT_UTMP_UT_ID
262| if (NULL != ut) {
Error: BUFFER_SIZE (CWE-170): [#def14]
shadow-4.8.1/libmisc/utmp.c:266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 4 bytes on destination array "utent->ut_id" of size 4 bytes might leave the destination string unterminated.
264| } else {
265| /* XXX - assumes /dev/tty?? */
266|-> strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id));
267| }
268| #endif /* HAVE_STRUCT_UTMP_UT_ID */
Error: BUFFER_SIZE (CWE-170): [#def15]
shadow-4.8.1/libmisc/utmp.c:273: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_user" of size 32 bytes might leave the destination string unterminated.
271| #endif /* HAVE_STRUCT_UTMP_UT_NAME */
272| #ifdef HAVE_STRUCT_UTMP_UT_USER
273|-> strncpy (utent->ut_user, name, sizeof (utent->ut_user));
274| #endif /* HAVE_STRUCT_UTMP_UT_USER */
275| if (NULL != hostname) {
Error: BUFFER_SIZE (CWE-170): [#def16]
shadow-4.8.1/libmisc/utmp.c:278: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "utent->ut_host" of size 256 bytes might leave the destination string unterminated.
276| struct addrinfo *info = NULL;
277| #ifdef HAVE_STRUCT_UTMP_UT_HOST
278|-> strncpy (utent->ut_host, hostname, sizeof (utent->ut_host));
279| #endif /* HAVE_STRUCT_UTMP_UT_HOST */
280| #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-06-16 09:50:53 +02:00
|
|
|
strncpy (utent->ut_user, name, sizeof (utent->ut_user) - 1);
|
2009-04-21 22:39:14 +00:00
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_USER */
|
|
|
|
if (NULL != hostname) {
|
|
|
|
struct addrinfo *info = NULL;
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_HOST
|
Fix covscan BUFFER_SIZE
Error: BUFFER_SIZE (CWE-170): [#def6]
shadow-4.8.1/libmisc/failure.c:101: buffer_size_warning: Calling "strncpy" with a maximum size argument of 12 bytes on destination array "fl->fail_line" of size 12 bytes might leave the destination string unterminated.
99| }
100|
101|-> strncpy (fl->fail_line, tty, sizeof fl->fail_line);
102| (void) time (&fl->fail_time);
103|
Error: BUFFER_SIZE (CWE-170): [#def9]
shadow-4.8.1/libmisc/log.c:103: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "newlog.ll_line" of size 32 bytes might leave the destination string unterminated.
101| (void) time (&ll_time);
102| newlog.ll_time = ll_time;
103|-> strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105| strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
Error: BUFFER_SIZE (CWE-170): [#def10]
shadow-4.8.1/libmisc/log.c:105: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "newlog.ll_host" of size 256 bytes might leave the destination string unterminated.
103| strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
104| #if HAVE_LL_HOST
105|-> strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
106| #endif
107| if ( (lseek (fd, offset, SEEK_SET) != offset)
Error: BUFFER_SIZE (CWE-170): [#def13]
shadow-4.8.1/libmisc/utmp.c:260: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_line" of size 32 bytes might leave the destination string unterminated.
258| #endif /* HAVE_STRUCT_UTMP_UT_TYPE */
259| utent->ut_pid = getpid ();
260|-> strncpy (utent->ut_line, line, sizeof (utent->ut_line));
261| #ifdef HAVE_STRUCT_UTMP_UT_ID
262| if (NULL != ut) {
Error: BUFFER_SIZE (CWE-170): [#def14]
shadow-4.8.1/libmisc/utmp.c:266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 4 bytes on destination array "utent->ut_id" of size 4 bytes might leave the destination string unterminated.
264| } else {
265| /* XXX - assumes /dev/tty?? */
266|-> strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id));
267| }
268| #endif /* HAVE_STRUCT_UTMP_UT_ID */
Error: BUFFER_SIZE (CWE-170): [#def15]
shadow-4.8.1/libmisc/utmp.c:273: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_user" of size 32 bytes might leave the destination string unterminated.
271| #endif /* HAVE_STRUCT_UTMP_UT_NAME */
272| #ifdef HAVE_STRUCT_UTMP_UT_USER
273|-> strncpy (utent->ut_user, name, sizeof (utent->ut_user));
274| #endif /* HAVE_STRUCT_UTMP_UT_USER */
275| if (NULL != hostname) {
Error: BUFFER_SIZE (CWE-170): [#def16]
shadow-4.8.1/libmisc/utmp.c:278: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "utent->ut_host" of size 256 bytes might leave the destination string unterminated.
276| struct addrinfo *info = NULL;
277| #ifdef HAVE_STRUCT_UTMP_UT_HOST
278|-> strncpy (utent->ut_host, hostname, sizeof (utent->ut_host));
279| #endif /* HAVE_STRUCT_UTMP_UT_HOST */
280| #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-06-16 09:50:53 +02:00
|
|
|
strncpy (utent->ut_host, hostname, sizeof (utent->ut_host) - 1);
|
2009-04-21 22:39:14 +00:00
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_HOST */
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
|
|
|
|
utent->ut_syslen = MIN (strlen (hostname),
|
|
|
|
sizeof (utent->ut_host));
|
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_SYSLEN */
|
|
|
|
#if defined(HAVE_STRUCT_UTMP_UT_ADDR) || defined(HAVE_STRUCT_UTMP_UT_ADDR_V6)
|
|
|
|
if (getaddrinfo (hostname, NULL, NULL, &info) == 0) {
|
|
|
|
/* getaddrinfo might not be reliable.
|
|
|
|
* Just try to log what may be useful.
|
|
|
|
*/
|
|
|
|
if (info->ai_family == AF_INET) {
|
|
|
|
struct sockaddr_in *sa =
|
|
|
|
(struct sockaddr_in *) info->ai_addr;
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_ADDR
|
|
|
|
memcpy (&(utent->ut_addr),
|
|
|
|
&(sa->sin_addr),
|
|
|
|
MIN (sizeof (utent->ut_addr),
|
|
|
|
sizeof (sa->sin_addr)));
|
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_ADDR */
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_ADDR_V6
|
|
|
|
memcpy (utent->ut_addr_v6,
|
|
|
|
&(sa->sin_addr),
|
|
|
|
MIN (sizeof (utent->ut_addr_v6),
|
|
|
|
sizeof (sa->sin_addr)));
|
|
|
|
} else if (info->ai_family == AF_INET6) {
|
|
|
|
struct sockaddr_in6 *sa =
|
|
|
|
(struct sockaddr_in6 *) info->ai_addr;
|
|
|
|
memcpy (utent->ut_addr_v6,
|
|
|
|
&(sa->sin6_addr),
|
|
|
|
MIN (sizeof (utent->ut_addr_v6),
|
|
|
|
sizeof (sa->sin6_addr)));
|
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_ADDR_V6 */
|
|
|
|
}
|
|
|
|
freeaddrinfo (info);
|
|
|
|
}
|
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_ADDR || HAVE_STRUCT_UTMP_UT_ADDR_V6 */
|
|
|
|
free (hostname);
|
|
|
|
}
|
|
|
|
/* ut_exit is only for DEAD_PROCESS */
|
|
|
|
utent->ut_session = getsid (0);
|
2009-04-22 21:06:13 +00:00
|
|
|
if (gettimeofday (&tv, NULL) == 0) {
|
2009-04-21 22:39:14 +00:00
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_TIME
|
2009-04-22 21:06:13 +00:00
|
|
|
utent->ut_time = tv.tv_sec;
|
2009-04-21 22:39:14 +00:00
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_TIME */
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_XTIME
|
2009-04-22 21:06:13 +00:00
|
|
|
utent->ut_xtime = tv.tv_usec;
|
2009-04-21 22:39:14 +00:00
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_XTIME */
|
|
|
|
#ifdef HAVE_STRUCT_UTMP_UT_TV
|
2009-04-22 21:06:13 +00:00
|
|
|
utent->ut_tv.tv_sec = tv.tv_sec;
|
|
|
|
utent->ut_tv.tv_usec = tv.tv_usec;
|
2009-04-21 22:39:14 +00:00
|
|
|
#endif /* HAVE_STRUCT_UTMP_UT_TV */
|
2009-04-22 21:06:13 +00:00
|
|
|
}
|
2009-04-21 22:39:14 +00:00
|
|
|
|
|
|
|
return utent;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* setutmp - Update an entry in utmp and log an entry in wtmp
|
|
|
|
*
|
|
|
|
* Return 1 on failure and 0 on success.
|
|
|
|
*/
|
|
|
|
int setutmp (struct utmp *ut)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
2008-06-17 21:13:30 +00:00
|
|
|
int err = 0;
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2009-04-21 22:39:14 +00:00
|
|
|
assert (NULL != ut);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2009-04-21 22:39:14 +00:00
|
|
|
setutent ();
|
|
|
|
if (pututline (ut) == NULL) {
|
|
|
|
err = 1;
|
2008-06-17 21:13:30 +00:00
|
|
|
}
|
2009-04-21 22:39:14 +00:00
|
|
|
endutent ();
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2012-05-18 17:57:52 +00:00
|
|
|
#ifndef USE_PAM
|
|
|
|
/* This is done by pam_lastlog */
|
2009-04-21 22:39:14 +00:00
|
|
|
updwtmp (_WTMP_FILE, ut);
|
2012-05-18 17:57:52 +00:00
|
|
|
#endif /* ! USE_PAM */
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2009-04-21 22:39:14 +00:00
|
|
|
return err;
|
|
|
|
}
|