From 6b7558c8f88851ab954174e62d3b1e46cd2664b1 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 20 Jan 2014 16:24:18 +0000 Subject: pam_limits: fix utmp->ut_user handling ut_user member of struct utmp is a string that is not necessarily null-terminated, so extra care should be taken when using it. * modules/pam_limits/pam_limits.c (check_logins): Convert ut->UT_USER to a null-terminated string and consistently use it where a null-terminated string is expected. --- modules/pam_limits/pam_limits.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'modules/pam_limits') diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index e2bc8e18..eabc8567 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -270,20 +270,25 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, continue; } if (!pl->flag_numsyslogins) { + char user[sizeof(ut->UT_USER) + 1]; + user[0] = '\0'; + strncat(user, ut->UT_USER, sizeof(ut->UT_USER)); + if (((pl->login_limit_def == LIMITS_DEF_USER) || (pl->login_limit_def == LIMITS_DEF_GROUP) || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) - && strncmp(name, ut->UT_USER, sizeof(ut->UT_USER)) != 0) { + && strcmp(name, user) != 0) { continue; } if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) - && !pam_modutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { + && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) { continue; } if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) { /* process does not exist anymore */ pam_syslog(pamh, LOG_WARNING, - "Stale utmp entry (pid %d) for '%s' ignored", ut->ut_pid, name); + "Stale utmp entry (pid %d) for '%s' ignored", + ut->ut_pid, user); continue; } } -- cgit v1.2.3