emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Fix su(1) silent truncation

Browse Source 
*  src/su.c (check_perms): Do not silently truncate user name.

Reported-by: Paul Eggert <eggert@cs.ucla.edu>
Co-developed-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Alejandro Colomar 2023-03-13 01:21:42 +01:00 committed by Iker Pedrosa
parent 1d7d94ed7d
commit 4c210a29bc
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/su.c
View File

@ -658,7 +658,13 @@ static /*@only@*/struct passwd * check_perms (void)
SYSLOG ((LOG_INFO,
"Change user from '%s' to '%s' as requested by PAM",
name, tmp_name));
strlcpy (name, tmp_name, sizeof(name));
if (strlcpy (name, tmp_name, sizeof(name)) >= sizeof(name)) {
fprintf (stderr, _("Overlong user name '%s'\n"),
tmp_name);
SYSLOG ((LOG_NOTICE, "Overlong user name '%s'",
tmp_name));
su_failure (caller_tty, true);
}
pw = xgetpwnam (name);
if (NULL == pw) {
(void) fprintf (stderr,