Module Name: src
Committed By: christos
Date: Fri Sep 29 12:08:03 UTC 2023
Modified Files:
src/libexec/utmp_update: utmp_update.c
Log Message:
Check for non-printable characters in ut_host.
reported by https://twitter.com/adamsimuntis
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/libexec/utmp_update/utmp_update.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/utmp_update/utmp_update.c
diff -u src/libexec/utmp_update/utmp_update.c:1.13 src/libexec/utmp_update/utmp_update.c:1.14
--- src/libexec/utmp_update/utmp_update.c:1.13 Sun Apr 26 04:56:19 2015
+++ src/libexec/utmp_update/utmp_update.c Fri Sep 29 08:08:03 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: utmp_update.c,v 1.13 2015/04/26 08:56:19 mlelstv Exp $ */
+/* $NetBSD: utmp_update.c,v 1.14 2023/09/29 12:08:03 christos Exp $ */
/*-
* Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: utmp_update.c,v 1.13 2015/04/26 08:56:19 mlelstv Exp $");
+__RCSID("$NetBSD: utmp_update.c,v 1.14 2023/09/29 12:08:03 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -41,6 +41,7 @@ __RCSID("$NetBSD: utmp_update.c,v 1.13 2
#include <err.h>
#include <fcntl.h>
#include <pwd.h>
+#include <ctype.h>
#include <utmpx.h>
#include <stdlib.h>
#include <string.h>
@@ -80,6 +81,7 @@ main(int argc, char *argv[])
int res;
uid_t euid, ruid;
char tty[MAXPATHLEN];
+ const char *p, *ep;
euid = geteuid();
ruid = getuid();
@@ -115,6 +117,12 @@ main(int argc, char *argv[])
logerr(0, "Invalid utmpx type %d", (int)utx->ut_type);
}
+ p = utx->ut_host;
+ ep = p + sizeof(utx->ut_host);
+ for (; p < ep && *p; p++)
+ if (!isprint((unsigned char)*p))
+ logerr(0, "Non-printable characters in hostname");
+
if (ruid != 0) {
if ((pwd = getpwuid(ruid)) == NULL)
logerr(0, "User %ld does not exist in password"
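Review bot: The added loop over `ut_host` stops at the first NUL, so any bytes after the terminator in the fixed-size field are never inspected and would presumably be stored with the rest of the record. If the goal is that no caller-supplied non-printable data reaches readers of the database, follow the loop with a tail check such as `for (; p < ep; p++) if (*p != '\0') logerr(0, "Non-NUL data after hostname");`. The check also covers only `ut_host`; whether `ut_name` and `ut_line` get equivalent validation is not visible here, because main() starts before this hunk and continues past it. A short comment above the loop, for example `/* ut_host is caller-supplied and may be shown verbatim by programs that read utmpx */`, would record why the check exists.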