bug#65617: coreutils 9.4: seg.fault in readutmp with systemd

2023-08-31 Thread Bruno Haible
Paul Eggert wrote:
> I installed the attached patch into Gnulib 
> and this should appear in the next coreutils release.

Unfortunately, this patch introduces a memory leak: If
num_sessions == 0 and sessions != NULL (which can happen, according
to the man page), we need to call free (sessions).

This patch fixes it.


2023-08-31  Bruno Haible  

readutmp: Fix memory leak introduced by last commit.
* lib/readutmp.c (read_utmp_from_systemd): If num_sessions == 0 and
sessions != NULL, do call free (sessions).

diff --git a/lib/readutmp.c b/lib/readutmp.c
index e99158677c..ec09feb59b 100644
--- a/lib/readutmp.c
+++ b/lib/readutmp.c
@@ -795,7 +795,7 @@ read_utmp_from_systemd (idx_t *n_entries, STRUCT_UTMP 
**utmp_buf, int options)
 {
   char **sessions;
   int num_sessions = sd_get_sessions ();
-  if (num_sessions > 0)
+  if (num_sessions >= 0 && sessions != NULL)
 {
   char **session_ptr;
   for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)
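Review bot: The new test on the `+` line reads `sessions`, but in the lines shown `sessions` is declared without an initializer and `sd_get_sessions ()` appears with no argument, so nothing visible in this hunk sets the pointer before `sessions != NULL` is evaluated. The `num_sessions >= 0 &&` short-circuit keeps the pointer from being read on the error path, which deserves a one-line comment so a later edit does not reorder the operands; declaring `char **sessions = NULL;` would make the test safe whatever the call does on failure. The `free (sessions)` named in the ChangeLog entry lies outside this hunk's context, so it cannot be checked from here.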

bug#65617: coreutils 9.4: seg.fault in readutmp with systemd

2023-08-30 Thread Paul Eggert
Thanks for reporting that. I installed the attached patch into Gnulib 
and this should appear in the next coreutils release.

From 1e6a26f9312bb47e070f94b17b14dc1a6ffbb74f Mon Sep 17 00:00:00 2001
From: Paul Eggert 
Date: Wed, 30 Aug 2023 18:26:52 -0700
Subject: [PATCH] readutmp: fix core dump if --enable-systemd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Problem reported by Thorsten Kukuk .
* lib/readutmp.c (read_utmp_from_systemd):
Don’t assume session_ptr != NULL if num_sessions == 0.
In practice it can be null, and the man page OKs this behavior.
---
 ChangeLog  | 8 
 lib/readutmp.c | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index d4b2287307..9c9c89638c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2023-08-30  Paul Eggert  
+
+	readutmp: fix core dump if --enable-systemd
+	Problem reported by Thorsten Kukuk .
+	* lib/readutmp.c (read_utmp_from_systemd):
+	Don’t assume session_ptr != NULL if num_sessions == 0.
+	In practice it can be null, and the man page OKs this behavior.
+
 2023-08-30  Bruno Haible  
 
 	doc: Mention the module 'wchar-single'.
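Review bot: The entry's wording "Don't assume session_ptr != NULL" names the loop variable, while the value that can be null is `sessions`, from which `session_ptr` is initialized in the lib/readutmp.c hunk; naming `sessions` would point readers at the pointer that actually comes back null. The entry could also state that the block is now skipped entirely when num_sessions == 0, since that is the behavioural change the new condition makes.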
diff --git a/lib/readutmp.c b/lib/readutmp.c
index 0173b7e0c1..e99158677c 100644
--- a/lib/readutmp.c
+++ b/lib/readutmp.c
@@ -795,7 +795,7 @@ read_utmp_from_systemd (idx_t *n_entries, STRUCT_UTMP **utmp_buf, int options)
 {
   char **sessions;
   int num_sessions = sd_get_sessions ();
-  if (num_sessions >= 0)
+  if (num_sessions > 0)
 {
   char **session_ptr;
   for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)
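Review bot: Changing the condition to `num_sessions > 0` skips the whole block when the count is 0, yet the commit message only says the pointer "can be null" in that case, not that it always is. If `sessions` comes back non-NULL with a count of 0 and this block is where it is released, that path never frees it; testing `num_sessions >= 0 && sessions != NULL` would avoid both the null dereference and that leak.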
-- 
2.39.2



bug#65617: coreutils 9.4: seg.fault in readutmp with systemd

2023-08-30 Thread Thorsten Kukuk via GNU coreutils Bug Reports


coreutils 9.4 with the --enable-systemd option seg.faults in
lib/readutmp.c, line 801:

for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)

If there is no session, "sessions" is NULL and "*session_ptr" will
dereference a NULL pointer.
Affected are who, pinky and uptime.

A simple fix:

diff --git a/lib/readutmp.c b/lib/readutmp.c
index 0173b7e0c1..e99158677c 100644
--- a/lib/readutmp.c
+++ b/lib/readutmp.c
@@ -795,7 +795,7 @@ read_utmp_from_systemd (idx_t *n_entries, STRUCT_UTMP 
**utmp_buf, int options)
 {
   char **sessions;
   int num_sessions = sd_get_sessions ();
-  if (num_sessions >= 0)
+  if (num_sessions > 0)
 {
   char **session_ptr;
   for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)
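Review bot: The `> 0` test guards the loop through the count, while the crash is in `*session_ptr`, that is, in the pointer copied from `sessions`. Checking the pointer itself (`sessions != NULL`) alongside the count would make the guard match what the loop dereferences, and would not rely on the count and the pointer always agreeing.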


-- 
Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, 
Germany
Managing Director: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)
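
The cases this thread turns on (error return, zero sessions with a NULL list, zero sessions with an empty non-NULL list, and a populated list), as an added example that is not part of the original messages or of Gnulib. `fake_get_sessions`, `count_sessions` and the allocation counter are hypothetical stand-ins so that it runs without libsystemd, and the ownership rule (caller frees the strings and the array) is an assumption of the example.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for sd_get_sessions (): returns a count (negative on
   error); with a count of 0 it may leave *out NULL or hand back an empty,
   NULL-terminated array the caller owns.  All cases here are constructed. */
enum mode { MODE_ERROR, MODE_ZERO_NULL, MODE_ZERO_EMPTY, MODE_TWO };
static int live_allocs;   /* outstanding allocations; nonzero at exit = leak */
static void *xalloc (size_t n)
{
  void *p = calloc (1, n);
  if (p == NULL) abort ();
  live_allocs++;
  return p;
}
static void xfree (void *p) { if (p) live_allocs--; free (p); }
static int fake_get_sessions (enum mode m, char ***out)
{
  if (m == MODE_ERROR) return -1;            /* *out is left untouched */
  if (m == MODE_ZERO_NULL) { *out = NULL; return 0; }
  *out = xalloc (3 * sizeof (char *));
  (*out)[0] = (*out)[1] = (*out)[2] = NULL;
  if (m == MODE_ZERO_EMPTY) return 0;
  (*out)[0] = strcpy (xalloc (3), "c1");
  (*out)[1] = strcpy (xalloc (3), "c2");
  return 2;
}

/* Returns the number of sessions visited, or -1 on error. */
static int count_sessions (enum mode m)
{
  char **sessions = NULL;     /* defined even if the call fails */
  int num_sessions = fake_get_sessions (m, &sessions);
  if (num_sessions < 0)
    return -1;
  int visited = 0;
  if (sessions != NULL)       /* guard the pointer the loop dereferences */
    {
      for (char **p = sessions; *p != NULL; p++, visited++)
        xfree (*p);
      xfree (sessions);       /* also reached for the empty non-NULL array */
    }
  return visited;
}

int main (void)
{
  return (count_sessions (MODE_TWO) == 2 && count_sessions (MODE_ZERO_NULL) == 0
          && count_sessions (MODE_ZERO_EMPTY) == 0 && live_allocs == 0) ? 0 : 1;
}
```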