|
 |
ad9577 |
From 94f380e223e7496804dcd68e204fba0a15df8bd7 Mon Sep 17 00:00:00 2001
|
|
|
ad9577 |
From: Karel Zak <kzak@redhat.com>
|
|
|
ad9577 |
Date: Mon, 25 May 2015 15:24:13 +0200
|
|
|
ad9577 |
Subject: [PATCH 163/173] sulogin: don't use strcpy(), enlarge pwd line buffer
|
|
|
ad9577 |
|
|
|
ad9577 |
* according to "man getpwnam" 16384 bytes is enough to store one
|
|
|
ad9577 |
passwd entry (let's use 2*BUFSIZE to avoid magic numbers in code)
|
|
|
ad9577 |
|
|
|
ad9577 |
* don't use strcpy() to set empty password
|
|
|
ad9577 |
|
|
|
ad9577 |
Upstream: http://github.com/karelzak/util-linux/commit/d681e0956cdca1a016346424939fe1b9c6a0a549
|
|
|
ad9577 |
Addresses: http://bugzilla.redhat.com/show_bug.cgi?id=1561200
|
|
|
ad9577 |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
ad9577 |
---
|
|
|
ad9577 |
login-utils/sulogin.c | 14 +++++++-------
|
|
|
ad9577 |
1 file changed, 7 insertions(+), 7 deletions(-)
|
|
|
ad9577 |
|
|
|
ad9577 |
diff --git a/login-utils/sulogin.c b/login-utils/sulogin.c
|
|
|
ad9577 |
index bbd67b3ee..6d03bc5ae 100644
|
|
|
ad9577 |
--- a/login-utils/sulogin.c
|
|
|
ad9577 |
+++ b/login-utils/sulogin.c
|
|
|
ad9577 |
@@ -373,8 +373,8 @@ static struct passwd *getrootpwent(int try_manually)
|
|
|
ad9577 |
struct passwd *pw;
|
|
|
ad9577 |
struct spwd *spw;
|
|
|
ad9577 |
FILE *fp;
|
|
|
ad9577 |
- static char line[256];
|
|
|
ad9577 |
- static char sline[256];
|
|
|
ad9577 |
+ static char line[2 * BUFSIZ];
|
|
|
ad9577 |
+ static char sline[2 * BUFSIZ];
|
|
|
ad9577 |
char *p;
|
|
|
ad9577 |
|
|
|
ad9577 |
/*
|
|
|
ad9577 |
@@ -410,7 +410,7 @@ static struct passwd *getrootpwent(int try_manually)
|
|
|
ad9577 |
/*
|
|
|
ad9577 |
* Find root in the password file.
|
|
|
ad9577 |
*/
|
|
|
ad9577 |
- while ((p = fgets(line, 256, fp)) != NULL) {
|
|
|
ad9577 |
+ while ((p = fgets(line, sizeof(line), fp)) != NULL) {
|
|
|
ad9577 |
if (strncmp(line, "root:", 5) != 0)
|
|
|
ad9577 |
continue;
|
|
|
ad9577 |
p += 5;
|
|
|
ad9577 |
@@ -439,12 +439,12 @@ static struct passwd *getrootpwent(int try_manually)
|
|
|
ad9577 |
/*
|
|
|
ad9577 |
* The password is invalid. If there is a shadow password, try it.
|
|
|
ad9577 |
*/
|
|
|
ad9577 |
- strcpy(pwd.pw_passwd, "");
|
|
|
ad9577 |
+ *pwd.pw_passwd = '\0';
|
|
|
ad9577 |
if ((fp = fopen(_PATH_SHADOW_PASSWD, "r")) == NULL) {
|
|
|
ad9577 |
warn(_("cannot open %s"), _PATH_PASSWD);
|
|
|
ad9577 |
return &pw;;
|
|
|
ad9577 |
}
|
|
|
ad9577 |
- while ((p = fgets(sline, 256, fp)) != NULL) {
|
|
|
ad9577 |
+ while ((p = fgets(sline, sizeof(sline), fp)) != NULL) {
|
|
|
ad9577 |
if (strncmp(sline, "root:", 5) != 0)
|
|
|
ad9577 |
continue;
|
|
|
ad9577 |
p += 5;
|
|
|
ad9577 |
@@ -458,11 +458,11 @@ static struct passwd *getrootpwent(int try_manually)
|
|
|
ad9577 |
*/
|
|
|
ad9577 |
if (p == NULL) {
|
|
|
ad9577 |
warnx(_("%s: no entry for root"), _PATH_SHADOW_PASSWD);
|
|
|
ad9577 |
- strcpy(pwd.pw_passwd, "");
|
|
|
ad9577 |
+ *pwd.pw_passwd = '\0';
|
|
|
ad9577 |
}
|
|
|
ad9577 |
if (!valid(pwd.pw_passwd)) {
|
|
|
ad9577 |
warnx(_("%s: root password garbled"), _PATH_SHADOW_PASSWD);
|
|
|
ad9577 |
- strcpy(pwd.pw_passwd, "");
|
|
|
ad9577 |
+ *pwd.pw_passwd = '\0';
|
|
|
ad9577 |
}
|
|
|
ad9577 |
return &pw;;
|
|
|
ad9577 |
}
|
|
|
ad9577 |
--
|
|
|
ad9577 |
2.14.4
|
|
|
ad9577 |
|