|
 |
30c500 |
From 59b280ebe22eceaf4250cb3b776674619a4d4ece Mon Sep 17 00:00:00 2001
|
|
|
30c500 |
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
|
30c500 |
Date: Mon, 5 Feb 2018 11:07:41 +0100
|
|
|
30c500 |
Subject: [PATCH] warnquota: Fix comparing user name to non-null-terminated
|
|
|
30c500 |
utmp.ut_user
|
|
|
30c500 |
MIME-Version: 1.0
|
|
|
30c500 |
Content-Type: text/plain; charset=UTF-8
|
|
|
30c500 |
Content-Transfer-Encoding: 8bit
|
|
|
30c500 |
|
|
|
30c500 |
GCC 8 with GNU libc 2.27 warns:
|
|
|
30c500 |
|
|
|
30c500 |
gcc -DHAVE_CONFIG_H -I. -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/include/libnl3 -g -O2 -Wall -fPIC -I/usr/include/tirpc -c -o quota_nld-quota_nld.o `test -f 'quota_nld.c' || echo './'`quota_nld.c
|
|
|
30c500 |
quota_nld.c: In function ‘write_console_warning’:
|
|
|
30c500 |
quota_nld.c:273:7: warning: ‘strcmp’ argument 2 declared attribute ‘nonstring’ [-Wstringop-overflow=]
|
|
|
30c500 |
if (strcmp(user, uent->ut_user))
|
|
|
30c500 |
^~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
30c500 |
In file included from /usr/include/utmp.h:29,
|
|
|
30c500 |
from quota_nld.c:23:
|
|
|
30c500 |
/usr/include/bits/utmp.h:65:8: note: argument ‘ut_user’ declared here
|
|
|
30c500 |
char ut_user[UT_NAMESIZE]
|
|
|
30c500 |
^~~~~~~
|
|
|
30c500 |
|
|
|
30c500 |
This is because ut_user value misses the terminating null byte if it
|
|
|
30c500 |
fits exactly into ut_user array, as document in utmp(5):
|
|
|
30c500 |
|
|
|
30c500 |
String fields are terminated by a null byte ('\0') if they are
|
|
|
30c500 |
shorter than the size of the field.
|
|
|
30c500 |
|
|
|
30c500 |
Recent GCC and glibc recevied compile-time checks and annotations
|
|
|
30c500 |
(__attribute_nonstring_) that catches these mistakes.
|
|
|
30c500 |
|
|
|
30c500 |
This patch fixes it by using strncmp(3) and by ignoring user names
|
|
|
30c500 |
that does not fit into utmp log format. It's better not to warn than
|
|
|
30c500 |
spamming unrelated user.
|
|
|
30c500 |
|
|
|
30c500 |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
30c500 |
Signed-off-by: Jan Kara <jack@suse.cz>
|
|
|
30c500 |
---
|
|
|
30c500 |
quota_nld.c | 5 ++++-
|
|
|
30c500 |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
30c500 |
|
|
|
30c500 |
diff --git a/quota_nld.c b/quota_nld.c
|
|
|
30c500 |
index ea541e0..8559f25 100644
|
|
|
30c500 |
--- a/quota_nld.c
|
|
|
30c500 |
+++ b/quota_nld.c
|
|
|
30c500 |
@@ -262,6 +262,8 @@ static void write_console_warning(struct quota_warning *warn)
|
|
|
30c500 |
warn->warntype == QUOTA_NL_BSOFTBELOW) && !(flags & FL_PRINTBELOW))
|
|
|
30c500 |
return;
|
|
|
30c500 |
uid2user(warn->caused_id, user);
|
|
|
30c500 |
+ if (strlen(user) > UT_NAMESIZE)
|
|
|
30c500 |
+ goto skip_utmp;
|
|
|
30c500 |
strcpy(dev, "/dev/");
|
|
|
30c500 |
|
|
|
30c500 |
setutent();
|
|
|
30c500 |
@@ -270,7 +272,7 @@ static void write_console_warning(struct quota_warning *warn)
|
|
|
30c500 |
if (uent->ut_type != USER_PROCESS)
|
|
|
30c500 |
continue;
|
|
|
30c500 |
/* Entry for a different user? */
|
|
|
30c500 |
- if (strcmp(user, uent->ut_user))
|
|
|
30c500 |
+ if (strncmp(user, uent->ut_user, UT_NAMESIZE))
|
|
|
30c500 |
continue;
|
|
|
30c500 |
sstrncpy(dev+5, uent->ut_line, PATH_MAX-5);
|
|
|
30c500 |
if (stat(dev, &st) < 0)
|
|
|
30c500 |
@@ -281,6 +283,7 @@ static void write_console_warning(struct quota_warning *warn)
|
|
|
30c500 |
}
|
|
|
30c500 |
}
|
|
|
30c500 |
if (!max_atime) {
|
|
|
30c500 |
+skip_utmp:
|
|
|
30c500 |
/*
|
|
|
30c500 |
* This can happen quite easily so don't spam syslog with
|
|
|
30c500 |
* the error
|
|
|
30c500 |
--
|
|
|
30c500 |
2.13.6
|
|
|
30c500 |
|