From: Andrew G. Morgan Date: Fri, 12 Oct 2001 05:56:26 +0000 (+0000) Subject: Relevant BUGIDs: 436060 X-Git-Tag: Linux-PAM-0-76~62 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=094652b733bf2422420213c4e87af920ff05e6f3;p=linux-pam Relevant BUGIDs: 436060 Purpose of commit: paranoia fix Commit summary: --------------- Remove possibility of an un-nul terminated string. (Patch from Red Hat release courtesy of Harald Welte.) --- diff --git a/CHANGELOG b/CHANGELOG index e00ff4e7..e45fc027 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -49,9 +49,11 @@ bug report - outstanding bugs are listed here: 0.76: please submit patches for this section with actual code/doc patches! +* more changes (extracted from redhat version) courtesy of + Harald Welte (Bugs pam_limits=436061, pam_lastlog=436060 - agmorgan) * fix for legacy behavior of pam_setcred and pam_close_session in the case that pam_authenticate and pam_open_session hadn't been - called - bug report from S Park. (Bug 468724 - agmorgan) + called - bug report from Seongwan Park. (Bug 468724 - agmorgan) * some BSD updates and fixes from Mark Murray - including a slightly more robust conversation function and some minimization of gcc warnings. (Bugs 449203,463984 - agmorgan) @@ -80,8 +82,6 @@ bug report - outstanding bugs are listed here: pam_tally app install (with more pretty printing and a corrected Makefile dependency) motivated by a (red hat diff) courtesy of Harald Welte (Bug 436432 - agmorgan) -* more pam_limits changes (extracted from redhat version) courtesy of - Harald Welte (Bug 436061 - agmorgan) * configure.in changes to help support non-Linux environments courtesy of Scott T. Emery (Bug 422563 - agmorgan) * made a pam_cracklib enhancement to interpret -ve limits in a diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 15f83c83..c86becd8 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -334,8 +334,9 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) } /* copy to last_login */ - strncpy(last_login.ll_host, remote_host - , sizeof(last_login.ll_host)); + strncpy(last_login.ll_host, remote_host, + sizeof(last_login.ll_host)); + last_login.ll_host[sizeof(last_login.ll_host) - 1] = '\0'; remote_host = NULL; /* set the terminal line */ @@ -350,8 +351,9 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) D(("terminal = %s", terminal_line)); /* copy to last_login */ - strncpy(last_login.ll_line, terminal_line - , sizeof(last_login.ll_line)); + strncpy(last_login.ll_line, terminal_line, + sizeof(last_login.ll_line)); + last_login.ll_host[sizeof(last_login.ll_host) - 1] = '\0'; terminal_line = NULL; D(("locking last_log file"));