From d4a05cc653c9e251a04afa9bd4f5a75777029445 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 2 Feb 2023 15:46:43 +0100
Subject: last: use snprintf() rather than sprintf()

Signed-off-by: Karel Zak <kzak@redhat.com>
Upstream: http://github.com/util-linux/util-linux/commit/79fb7e18f45e84c6f1a030b5df56cb2bdad26df0
Upstream: http://github.com/util-linux/util-linux/commit/6cd0043221b31a344db8f5dcb82822a2519a2e74
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2166653
---
 login-utils/last.c | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/login-utils/last.c b/login-utils/last.c
index f3272caeb..7f4421c89 100644
--- a/login-utils/last.c
+++ b/login-utils/last.c
@@ -463,48 +463,48 @@ static int list(const struct last_control *ctl, struct utmpx *p, time_t logout_t
 
 	if (logout_time == currentdate) {
 		if (ctl->time_fmt > LAST_TIMEFTM_SHORT) {
-			sprintf(logouttime, "  still running");
+			snprintf(logouttime, sizeof(logouttime), "  still running");
 			length[0] = 0;
 		} else {
-			sprintf(logouttime, "  still");
-			sprintf(length, "running");
+			snprintf(logouttime, sizeof(logouttime), "  still");
+			snprintf(length, sizeof(length), "running");
 		}
 	} else if (days) {
-		sprintf(length, "(%d+%02d:%02d)", days, abs(hours), abs(mins)); /* hours and mins always shown as positive (w/o minus sign!) even if secs < 0 */
+		snprintf(length, sizeof(length), "(%d+%02d:%02d)", days, abs(hours), abs(mins)); /* hours and mins always shown as positive (w/o minus sign!) even if secs < 0 */
 	} else if (hours) {
-		sprintf(length, " (%02d:%02d)", hours, abs(mins));  /* mins always shown as positive (w/o minus sign!) even if secs < 0 */
+		snprintf(length, sizeof(length), " (%02d:%02d)", hours, abs(mins));  /* mins always shown as positive (w/o minus sign!) even if secs < 0 */
 	} else if (secs >= 0) {
-		sprintf(length, " (%02d:%02d)", hours, mins);
+		snprintf(length, sizeof(length), " (%02d:%02d)", hours, mins);
 	} else {
-		sprintf(length, " (-00:%02d)", abs(mins));  /* mins always shown as positive (w/o minus sign!) even if secs < 0 */
+		snprintf(length, sizeof(length), " (-00:%02d)", abs(mins));  /* mins always shown as positive (w/o minus sign!) even if secs < 0 */
 	}
 
 	switch(what) {
 		case R_CRASH:
-			sprintf(logouttime, "- crash");
+			snprintf(logouttime, sizeof(logouttime), "- crash");
 			break;
 		case R_DOWN:
-			sprintf(logouttime, "- down ");
+			snprintf(logouttime, sizeof(logouttime), "- down ");
 			break;
 		case R_NOW:
 			if (ctl->time_fmt > LAST_TIMEFTM_SHORT) {
-				sprintf(logouttime, "  still logged in");
+				snprintf(logouttime, sizeof(logouttime), "  still logged in");
 				length[0] = 0;
 			} else {
-				sprintf(logouttime, "  still");
-				sprintf(length, "logged in");
+				snprintf(logouttime, sizeof(logouttime), "  still");
+				snprintf(length, sizeof(length), "logged in");
 			}
 			break;
 		case R_PHANTOM:
 			if (ctl->time_fmt > LAST_TIMEFTM_SHORT) {
-				sprintf(logouttime, "  gone - no logout");
+				snprintf(logouttime, sizeof(logouttime), "  gone - no logout");
 				length[0] = 0;
 			} else if (ctl->time_fmt == LAST_TIMEFTM_SHORT) {
-				sprintf(logouttime, "   gone");
-				sprintf(length, "- no logout");
+				snprintf(logouttime, sizeof(logouttime), "   gone");
+				snprintf(length, sizeof(length), "- no logout");
 			} else {
 				logouttime[0] = 0;
-				sprintf(length, "no logout");
+				snprintf(length, sizeof(length), "no logout");
 			}
 			break;
 		case R_TIMECHANGE:
@@ -756,7 +756,7 @@ static void process_wtmp_file(const struct last_control *ctl,
 		else {
 			if (ut.ut_type != DEAD_PROCESS &&
 			    ut.ut_user[0] && ut.ut_line[0] &&
-			    strcmp(ut.ut_user, "LOGIN") != 0)
+			    strncmp(ut.ut_user, "LOGIN", 5) != 0)
 				ut.ut_type = USER_PROCESS;
 			/*
 			 * Even worse, applications that write ghost
@@ -769,7 +769,7 @@ static void process_wtmp_file(const struct last_control *ctl,
 			/*
 			 * Clock changes.
 			 */
-			if (strcmp(ut.ut_user, "date") == 0) {
+			if (strncmp(ut.ut_user, "date", 4) == 0) {
 				if (ut.ut_line[0] == '|')
 					ut.ut_type = OLD_TIME;
 				if (ut.ut_line[0] == '{')
@@ -804,7 +804,7 @@ static void process_wtmp_file(const struct last_control *ctl,
 		case RUN_LVL:
 			x = ut.ut_pid & 255;
 			if (ctl->extended) {
-				sprintf(ut.ut_line, "(to lvl %c)", x);
+				snprintf(ut.ut_line, sizeof(ut.ut_line), "(to lvl %c)", x);
 				quit = list(ctl, &ut, lastrch, R_NORMAL);
 			}
 			if (x == '0' || x == '6') {
-- 
2.39.1