- Fix buffer overrun in login.c for systems which use syslen in utmpx.
patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
diff --git a/ChangeLog b/ChangeLog
index a79bb19..3037eac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
20000530
- Define atexit for old Solaris
+ - Fix buffer overrun in login.c for systems which use syslen in utmpx.
+ patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
20000520
- Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
diff --git a/login.c b/login.c
index 49853bd..6749a15 100644
--- a/login.c
+++ b/login.c
@@ -18,7 +18,7 @@
*/
#include "includes.h"
-RCSID("$Id: login.c,v 1.27 2000/05/17 12:00:03 damien Exp $");
+RCSID("$Id: login.c,v 1.28 2000/05/30 03:12:46 damien Exp $");
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
# include <utmpx.h>
@@ -217,10 +217,13 @@
# ifdef HAVE_HOST_IN_UTMPX
# ifdef HAVE_SYSLEN_IN_UTMPX
utx.ut_syslen = strlen(host);
+ if (utx.ut_syslen + 1 > sizeof(utx.ut_host))
+ utx.ut_syslen = sizeof(utx.ut_host);
strncpy(utx.ut_host, host, utx.ut_syslen);
# else
strncpy(utx.ut_host, host, sizeof(utx.ut_host));
# endif /* HAVE_SYSLEN_IN_UTMPX */
+ utx.ut_host[sizeof(utx.ut_host)-1] = '\0';
# endif
#if defined(HAVE_ADDR_IN_UTMPX)
if (addr) {