last: fix wtmp user name buffer overflow [asan]
Ensure utmp user name field is null terminated. Without that getpwnam() can buffer overflow, when wtmp file is malformed. Addresses: https://github.com/karelzak/util-linux/issues/715 Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This commit is contained in:
parent
1a83c00d88
commit
b22332dd4f
|
@ -600,6 +600,7 @@ static int is_phantom(const struct last_control *ctl, struct utmpx *ut)
|
|||
|
||||
if (ut->ut_tv.tv_sec < ctl->boot_time.tv_sec)
|
||||
return 1;
|
||||
ut->ut_user[__UT_NAMESIZE - 1] = '\0';
|
||||
pw = getpwnam(ut->ut_user);
|
||||
if (!pw)
|
||||
return 1;
|
||||
|
|
Loading…
Reference in New Issue