I was playing with afl a few weeks ago and found this. I believe it is
triggered by non-sequential timestamp records, but I didn’t dig into it or run
afl for particularly long. The patch below fixed all the crashes afl had found
up to that point.
The string used doesn’t matter, ‘crmsg’ just needs to be initialized in case
there isn’t a ‘~’ entry prior to needing to use it.
Thanks.
--david
Index: last.c
===================================================================
RCS file: /cvs/src/usr.bin/last/last.c,v
retrieving revision 1.43
diff -u -p -r1.43 last.c
--- last.c 26 Nov 2014 18:34:51 -0000 1.43
+++ last.c 27 Nov 2014 14:36:45 -0000
@@ -241,7 +241,7 @@ wtmp(void)
{
time_t delta, total = 0;
int timesize, wfd, snapfound = 0;
- char *ct, *crmsg;
+ char *ct, *crmsg = "invalid";
struct utmp *bp;
struct stat stb;
ssize_t bytes;
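Review bot: the initializer does stop the uninitialized read of crmsg, but it also means the literal "invalid" will be printed whenever a record dereferences crmsg before any '~' (reboot/shutdown) entry has assigned it, so a one-line comment next to `char *ct, *crmsg = "invalid";` stating that this is a placeholder for the missing-'~'-entry case would help the next reader understand why the value is there; and since a string literal must never be written through, declaring crmsg as `const char *` would be safer if the other assignments to it in wtmp() permit that.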