Hi Paul, On 3/11/23 20:29, Paul Eggert wrote: > From 522b2db5619bd26631bd444d208768f740c2fdba Mon Sep 17 00:00:00 2001 > From: Paul Eggert <egg...@cs.ucla.edu> > Date: Sat, 11 Mar 2023 10:34:21 -0800 > Subject: [PATCH 6/6] Fix su silent truncation > > * src/su.c (check_perms): Do not silently truncate user name. > Use snprintf instead of strlcpy as the latter doesn't buy much here > and this avoids depending on strlcpy. > > Signed-off-by: Paul Eggert <egg...@cs.ucla.edu> > --- > src/su.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/src/su.c b/src/su.c > index 9c134a9b..740d31f9 100644 > --- a/src/su.c > +++ b/src/su.c > @@ -658,7 +658,14 @@ static /*@only@*/struct passwd * check_perms (void) > SYSLOG ((LOG_INFO, > "Change user from '%s' to '%s' as requested by PAM", > name, tmp_name)); > - strlcpy (name, tmp_name, sizeof(name)); > + int tmp_namelen = snprintf (name, sizeof name, tmp_name);
This will likely trigger a warning about using a variable for the format string. Are you sure it can't have conversion specifiers? Otherwise, we should use "%s" (if we go the way of snprintf(3)). But I suggest using strlcpy(3), since it reads much simpler, and adding error checking to it. Anyway, we can't stop depending on libbsd until we find a solution for readpassphrase(3bsd). Cheers, Alex > + if (! (0 <= tmp_namelen && tmp_namelen < sizeof name)) { > + fprintf (stderr, _("Overlong user name '%s'\n"), > + tmp_name); > + SYSLOG ((LOG_NOTICE, "Overlong user name '%s'", > + tmp_name)); > + su_failure (caller_tty, true); > + } > pw = xgetpwnam (name); > if (NULL == pw) { > (void) fprintf (stderr, > @@ -1213,4 +1220,3 @@ int main (int argc, char **argv) > > return (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC); > } > - > -- > 2.37.2 > -- <http://www.alejandro-colomar.es/> GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
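Review bot: In the check_perms hunk (@@ -658), `snprintf (name, sizeof name, tmp_name)` passes tmp_name, the name the SYSLOG line says was requested by PAM, as the format string, so any `%` in it is parsed as a conversion specifier and the length check that follows tests the expanded output rather than the name itself. Suggest `snprintf (name, sizeof name, "%s", tmp_name)`. Separately, `tmp_namelen < sizeof name` compares an int with a size_t; the preceding `0 <= tmp_namelen` test keeps the result correct, but casting tmp_namelen to size_t after that test would make the intent explicit and avoid a sign-compare warning.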
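Review bot: The last hunk (@@ -1213) only removes the blank line at the end of src/su.c, which is unrelated to the truncation fix named in the subject and is not mentioned in the commit message. Suggest moving it to a separate whitespace-only commit or noting it in the changelog entry.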
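The two options weighed in the reply above, shown as an added example that is not part of the thread or of shadow's source: a copy through snprintf(3) with a literal "%s" format and a checked return value, and a length-checked copy of the shape an error-checked strlcpy(3) call has. The helper names, the 8-byte buffer and the sample names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from su.c): copy src into dst and report
 * truncation instead of hiding it.
 * Returns 0 on success, -1 if src does not fit or snprintf fails. */
static int copy_name_snprintf(char *dst, size_t dstsize, const char *src)
{
    /* src is data, never the format: "%s" keeps any '%' in it literal. */
    int len = snprintf(dst, dstsize, "%s", src);

    if (len < 0 || (size_t) len >= dstsize)
        return -1;
    return 0;
}

/* Same contract with the length checked up front, written with
 * strlen/memcpy so it builds without libbsd. On failure dst is untouched. */
static int copy_name_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);

    if (len >= dstsize)
        return -1;
    memcpy(dst, src, len + 1);   /* include the terminating NUL */
    return 0;
}

int main(void)
{
    char name[8];   /* constructed small buffer so truncation is easy to hit */
    const char *samples[] = { "alice", "a%sb%d", "sevench", "overlong-name" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int a = copy_name_snprintf(name, sizeof name, samples[i]);
        int b = copy_name_checked(name, sizeof name, samples[i]);
        printf("%-14s snprintf=%d checked=%d\n", samples[i], a, b);
    }
    return 0;
}
```

Both helpers reject a name of exactly `dstsize` characters, because the terminating NUL would not fit.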