Theo de Raadt wrote:
>
> > Philip Guenther wrote:
> > > - nutmp = read(uf, utmp, statbf.st_size)/sizeof(struct utmp);
> > > + nutmp = pread(uf, utmp, statbf.st_size, 0)/sizeof(struct utmp);
> > > dsyslog(LOG_DEBUG, "read %d utmp entries", nutmp);
> >
> > I guess you're going to claim it was like this when you got here, but
> > dividing
> > an unchecked pread() return is the craziest thing I've seen in ten minutes.
> >
> > otherwise ok.
>
> tree is open, let's see a diff :)
oh, was waiting for guenther to get out of the way, but i see he already
has...
i didn't bother with any special error checking, because this seems pretty
unlikely, but even in the worst case i think comsat shouldn't crash.
Index: comsat.c
===================================================================
RCS file: /cvs/src/libexec/comsat/comsat.c,v
retrieving revision 1.46
diff -u -p -r1.46 comsat.c
--- comsat.c 2 Apr 2017 00:53:37 -0000 1.46
+++ comsat.c 3 Apr 2017 16:31:09 -0000
@@ -170,6 +170,7 @@ doreadutmp(void)
static u_int utmpsize; /* last malloced size for utmp */
static time_t utmpmtime; /* last modification time for utmp */
struct stat statbf;
+ int n;
if (time(NULL) - lastmsgtime >= MAXIDLE)
exit(0);
@@ -194,7 +195,10 @@ doreadutmp(void)
utmp = u;
utmpsize = nutmpsize;
}
- nutmp = pread(uf, utmp, statbf.st_size, 0)/sizeof(struct utmp);
+ n = pread(uf, utmp, statbf.st_size, 0);
+ if (n == -1)
+ n = 0;
+ nutmp = n / sizeof(struct utmp);
dsyslog(LOG_DEBUG, "read %d utmp entries", nutmp);
}
(void)alarm(15);
