Paul Eggert <[EMAIL PROTECTED]> wrote:
> I noticed that who.c's make_id_equals_comment uses sprintf with an
> "%.*s" format to copy a value that might not be null-terminated; this
> results in undefined behavior. I don't know of any host where it
> doesn't work but it's easy to be safe.
>
> I then audited for other sprintf glitches and/or bugs and propose the
> following patch for them all. Each hunk is pretty much independent.
>
> 2004-06-13  Paul Eggert  <[EMAIL PROTECTED]>
>
>     * src/who.c (PIDSTR_DECL_AND_INIT): Don't assume pid_t fits
>     in int.
>     (UT_ID) [!HAVE_STRUCT_XTMP_UT_ID]: Remove bogus comment,
>     as (sizeof "??") reliably returns 3.
>     (print_line): Guard against idle and pid being too long
>     (which is possible when printing headers).
>     (print_user): Allocate enough bytes for idlestr. Use IDLESTR_LEN.
>     Avoid unnecessary cast of sizeof to int.
>     (make_id_equals_comment): Do not assume that UT_ID returns
>     a string; it might return a non-null-terminated array.
>     Use strncat instead. It's not very often where
>     strncat is exactly what you want, but this is one of those rare cases.

Applied. Thanks.

_______________________________________________
Bug-coreutils mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/bug-coreutils
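
The strncat approach named in the make_id_equals_comment changelog entry above, as an added example that is not the coreutils patch or any code from this thread. The names struct demo_utmp, make_id_comment and id_comment_matches are hypothetical, and the four-byte id field and the "id=" prefix are assumed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a utmp-style record (assumption): a fixed-width
   id field that has no terminating NUL when all four bytes are in use. */
struct demo_utmp { char id[4]; };

/* Hypothetical helper: return a malloc'd "id=<id>" string, or NULL. */
char *make_id_comment(const struct demo_utmp *u)
{
    static const char prefix[] = "id=";
    /* sizeof prefix counts its NUL: room for prefix + full id + NUL. */
    char *comment = malloc(sizeof prefix + sizeof u->id);
    if (!comment)
        return NULL;
    strcpy(comment, prefix);
    /* strncat reads at most sizeof u->id bytes, stops early at a NUL,
       and always writes a terminating NUL after what it appended. */
    strncat(comment, u->id, sizeof u->id);
    return comment;
}

/* Place the id next to non-NUL filler so any read past the field would
   show up in the result, then compare against the expected string. */
int id_comment_matches(const char *raw, size_t n, const char *expect)
{
    struct { struct demo_utmp u; char filler[4]; } rec;
    memset(&rec, 'X', sizeof rec);
    memset(rec.u.id, 0, sizeof rec.u.id);
    memcpy(rec.u.id, raw, n < sizeof rec.u.id ? n : sizeof rec.u.id);
    char *c = make_id_comment(&rec.u);
    int ok = c != NULL && strcmp(c, expect) == 0;
    free(c);
    return ok;
}

int main(void)
{
    printf("short id: %s\n", id_comment_matches("s1", 2, "id=s1") ? "ok" : "BAD");
    printf("full id:  %s\n", id_comment_matches("pts1", 4, "id=pts1") ? "ok" : "BAD");
    return 0;
}
```

The destination is sized from the field width rather than from strlen, so the full-width case with no terminator still fits.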
