- use robust functions like write_all()
- don't use assert() to check write/open/etc return values, because oss-fuzz.com
report foreign (system, libc, ...) issues as our fails
Addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28009
Signed-off-by: Karel Zak <kzak@redhat.com>
Deprecating calls to not-thread safe asctime(), ctime(), and localtime()
calls is pretty close to pointless change. Lets do it to reduce lgtm scan
warnings with justification it's nicer to use static analysis tools when
they have very few positives.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Sorry detail-oriented people tend to wipe these out if they notice them.
Add in automated tools and lots of excess end-of-line spaces get wiped
out.
Addresses: https://github.com/karelzak/util-linux/pull/849
Signed-off-by: Karel Zak <kzak@redhat.com>
In commit b22332dd4 (last: fix wtmp user name buffer overflow
[asan], 2019-01-13), we started to make sure that the `ut_user`
field of the `utmpx` struct is always NUL-terminated. The
implementation makes use of the `__UT_NAMESIZE` define to
determine the position of the last character in that array. The
problem is that this is a non-standard define that is not
necessarily available on non-glibc platforms.
As there is no standardized define, we should just use `sizeof`.
This fixes compilation on musl libc based systems.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Ensure utmp user name field is null terminated. Without that getpwnam() can
buffer overflow, when wtmp file is malformed.
Addresses: https://github.com/karelzak/util-linux/issues/715
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
login-utils/last.c: In function ‘list’:
login-utils/last.c:398:36: warning: argument to ‘sizeof’ in ‘strncat’ call
is the same expression as the source; did you mean to use the size of the
destination? [-Wsizeof-pointer-memaccess]
strncat(utline, p->ut_line, sizeof(p->ut_line));
The sizeof(utline) is defined as sizeof(p->ut_line) + 1, so the compiler got
that wrong. Lets truncate strncat() otherway around to keep gcc 8.1 happy.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* Start the ISO format flags at bit 0 instead of bit 1.
* Remove unnecessary _8601 from ISO format flag names to
avoid line wrapping and to ease readability.
* ISO timestamps have date-time-timzone in common, so move
the TIMEZONE flag to bit 2 causing all timestamp masks
to have the first three bits set and the last four bits
as timestamp 'options'.
* Change the 'SPACE' flag to a 'T' flag, because it makes
the code and comments more concise.
* Add common ISO timestamp masks.
* Implement the ISO timestamp masks in all applicable code
using the strxxx_iso() functions.
Signed-off-by: J William Piggott <elseifthen@gmx.com>
This new function returns the GMT offset relative to its
argument. It is used in this patch to fix two bugs:
1) On platforms that the tm struct excludes tm_gmtoff,
hwclock assumes a one hour DST offset. This can cause
an incorrect kernel timezone setting. For example:
Master branch tested with tm_gmtoff illustrates the correct offset:
$ TZ="Australia/Lord_Howe" hwclock --hctosys --test | grep settimeofday
Calling settimeofday(1507494204.192398, -660)
Master branch tested without tm_gmtoff has an incorrect offset:
$ TZ="Australia/Lord_Howe" hwclock --hctosys --test | grep settimeofday
Calling settimeofday(1507494249.193852, -690)
Patched tested without tm_gmtoff has the correct offset:
$ TZ="Australia/Lord_Howe" hwclock --hctosys --test | grep settimeofday
Calling settimeofday(1507494260.194208, -660)
2) ISO 8601 'extended' format requires all time elements
to use a colon (:).
Current invalid ISO 8601:
$ hwclock
2017-10-08 16:25:17.895462-0400
Patched:
$ hwclock
2017-10-08 16:25:34.141895-04:00
Also required by this change:
login-utils/last.c: increase ISO out_len and in_len by one to
accommodate the addition of the timezone colon.
Signed-off-by: J William Piggott <elseifthen@gmx.com>
* 'help' of https://github.com/rudimeier/util-linux:
setpriv: silence compiler warning
misc: consolidate macro style USAGE_HELP_OPTIONS
blockdev: correct man page name in --help
Under strange circumstances, the output of command 'last reboot'
showed the last time as a negative time, with both the hours and the
mins value having a minus sign. Example, taken from my workstation:
$last reboot
[...]
reboot system boot 4.4.0-79-generic Wed Jun 14 09:20 - 07:33 (-1:-47)
[...]
I am aware this should happen only infrequently. Nevertheless, I
propose a more robust behaviour: show a minus sign only for the most
significant value (days or hours) and show the rest always as
positive. In the special case of ((secs < 0) && (secs >= -59)), print
mins as "-00".
Signed-off-by: Karel Zak <kzak@redhat.com>
changed in include/c.h and applied via sed:
sed -i 's/fprintf.*\(USAGE_MAN_TAIL.*\)/printf(\1/' $(git ls-files -- "*.c")
sed -i 's/print_usage_help_options\(.*\);/printf(USAGE_HELP_OPTIONS\1);/' $(git ls-files -- "*.c")
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Consolidate --help and --version descriptions. We are
now able to align them to the other options.
We changed include/c.h. The rest of this patch was
generated by sed, plus manually setting the right
alignment numbers. We do not change anything but
white spaces in the --help output.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
This patch is trivial and changes nothing, because
we were always using usage(stdout)
Now all our usage() functions look very similar. If wanted we
could auto-generate another big cosmetical patch to remove all
the useless "FILE *out" constants and use printf and puts
rather than their f* friends. Such patch could be automatically
synchronized with the translation project (newlines!) to not
make the translators sick.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
(Original patch and commit message edited by Rudi.)
gcc-7 adds -Wimplicit-fallthrough=3 to our default flag -Wextra.
This warning can be silenced by using comment /* fallthrough */
which is also recognized by other tools like coverity. There are
also other valid comments (see man gcc-7) but we consolidate this
style now.
We could have also used __attribute__((fallthrough)) but the comment
looks nice and does not need to be ifdef'ed for compatibility.
Reference: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=7652
Reference: https://developers.redhat.com/blog/2017/03/10/wimplicit-fallthrough-in-gcc-7/
Reviewed-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Suggested-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
../login-utils/last.c: In function ‘main’:
../login-utils/last.c:624:23: warning: ‘%s’ directive writing up to 31 bytes into a region of size 27 [-Wformat-overflow=]
sprintf(path, "/dev/%s", ut->ut_line);
^~ ~~
../login-utils/last.c:624:3: note: ‘sprintf’ output between 6 and 37 bytes into a destination of size 32
sprintf(path, "/dev/%s", ut->ut_line);
../libblkid/src/devname.c: In function 'probe_one':
../libblkid/src/devname.c:166:29: warning: '%s' directive writing up to 255 bytes into a region of size 245 [-Wformat-overflow=]
sprintf(path, "/sys/block/%s/slaves", de->d_name);
^~
../libblkid/src/devname.c:166:3: note: 'sprintf' output between 19 and 274 bytes into a destination of size 256
sprintf(path, "/sys/block/%s/slaves", de->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
sys-utils/prlimit.c: In function 'do_prlimit':
sys-utils/prlimit.c:367:16: warning: format '%ju' expects argument of type 'uintmax_t', but argument 2 has type 'rlim_t {aka long long unsigned int}' [-Wformat=]
printf("<%ju", new->rlim_cur);
lib/plymouth-ctrl.c: In function 'open_un_socket_and_connect':
lib/plymouth-ctrl.c:88:20: warning: passing argument 2 of 'connect' from incompatible pointer type [-Wincompatible-pointer-types]
ret = connect(fd, &su, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(su.sun_path+1));
^
In file included from lib/plymouth-ctrl.c:35:0:
/usr/include/sys/socket.h:314:5: note: expected 'const struct sockaddr *' but argument is of type 'struct sockaddr_un *'
int connect (int, const struct sockaddr *, socklen_t);
login-utils/last.c: In function 'list':
login-utils/last.c:506:54: warning: pointer targets in passing argument 4 of 'dns_lookup' differ in signedness [-Wpointer-sign]
r = dns_lookup(domain, sizeof(domain), ctl->useip, p->ut_addr_v6);
^
login-utils/last.c:291:12: note: expected 'int32_t * {aka int *}' but argument is of type 'unsigned int *'
static int dns_lookup(char *result, int size, int useip, int32_t *a)
^~~~~~~~~~
In file included from sys-utils/hwclock-cmos.c:92:0:
sys-utils/hwclock.h:67:32: warning: 'struct timeval' declared inside parameter list will not be visible outside of this definition or declaration
extern double time_diff(struct timeval subtrahend, struct timeval subtractor);
misc-utils/test_uuidd.c: In function 'create_nthreads':
misc-utils/test_uuidd.c:187:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
proc->pid, (int) th->tid, th->index));
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Use xstrcpy() to explicitly terminate the domain string.
Reported-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
This makes --time-format=iso timestamp to look the same as login/logout
times. When --time-format=noformat is used the file creation time not
printed. There is no change to default format.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Now the build will fail on many non-Linux systems because
utmpx.h is available everywhere but we still use non-POSIX
features. We'll fix this next commit.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
_HAVE_UT_TV is glibc only. Moreover we want to move to utmpx where
timeval is standard.
Now utmp/subsecond (1173d0a6) should work on all supported systems.
CC: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Fix various typos in error messages, warnings, debug strings,
comments and names of static functions.
Signed-off-by: Sebastian Rasmussen <sebras@gmail.com>
- describe difference between login and logout time formats in struct last_timefmt
- use strtime_iso()
- rename LAST_TIMEFTM_SHORT_CTIME to LAST_TIMEFTM_SHORT
- rename LAST_TIMEFTM_FULL_CTIME to LAST_TIMEFTM_CTIME
- add LAST_TIMEFTM_HHMM for internal purpose (logout format for "--time-format short")
Signed-off-by: Karel Zak <kzak@redhat.com>
This include was added just one month ago in 5a971329 but I don't see
what it was good for. It's missing in musl libc.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
It is just luck if two time() calls happen within the same
second. Introduced in 31d28e09.
Actually I don't like adding another global variable but this
way we avoid bigger refactoring. IMO it's questionable why
lastdate, lastdown, etc. are initialized with current time() at
all. It looks unsafe to print "still running" always when
logout_time = now.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
last(1) uses a global list of entries, this is unnecessary and it's
also mistake because the pointer to the list is not set to NULL when
last(1) opens another utmp file. For example:
last -f /var/log/wtmp -f /var/log/wtmp-20150220
ends with unexpected free() call or sometimes with never ending loop.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1201033
Signed-off-by: Karel Zak <kzak@redhat.com>
The message "stat failed %s" seems to say that stat() failed to
do something, or failed to pass a test, but of course it means
that the statting of something failed. So say so. Also make
two very similar messages equal to this one.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
This adds a concise description of a tool to its usage text.
A first form of this patch was proposed by Steven Honeyman
(see http://www.spinics.net/lists/util-linux-ng/msg09994.html).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
When kernel CONFIG_AUDIT is not set the /proc/<pid>/loginuid information
is not present resulting live sessions to be marked 'gone - no logout' in
last(1) print out. To go-around this change makes last(1) to look
/dev/<tty> device ownership as a substitute of loginuid.
The go-around seems to work fairly well, but it has it short comings.
For example after closing a X window session the /dev/ttyN file seems to
be owned by root, not the user who had it before entering to the X
session. While that is suboptimal it is still better than an attmempt to
determine uid_t by looking owner of the /proc/<struct utmp ut_pid>, that
is a login(1) process running as root.
The issue was found using Archlinux installation.
$ pacman -Qi linux
Name : linux
Version : 3.16-2
[...]
Build Date : Mon Aug 4 18:06:51 2014
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Fixing plain typos, miswordings, inconsistent periods, some missing
angular brackets, and a proper pluralization (even when it involves
a constant, because for some languages the precise value matters).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>