Fix reading loginuid file in getlogin{,_r}.

git-mirror · Apr 9, 2010 · aa6436d · aa6436d
1 parent ad3d3e8
commit aa6436d
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,5 +1,9 @@
 2010-04-08  Ulrich Drepper  <drepper@redhat.com>
 
+	* sysdeps/unix/sysv/linux/getlogin_r.c (__getlogin_r_loginuid): When
+	reading the loginuid file use a buffer which is always large enough.
+	NUL-terminate the string.
+
 	* malloc/malloc.c (_int_malloc): Return NULL if printing error message
 	returns.
 

diff --git a/sysdeps/unix/sysv/linux/getlogin_r.c b/sysdeps/unix/sysv/linux/getlogin_r.c
@@ -37,13 +37,20 @@ __getlogin_r_loginuid (name, namesize)
   if (fd == -1)
     return 1;
 
-  ssize_t n = TEMP_FAILURE_RETRY (read_not_cancel (fd, name, namesize));
+  /* We are reading a 32-bit number.  12 bytes are enough for the text
+     representation.  If not, something is wrong.  */
+  char uidbuf[12];
+  ssize_t n = TEMP_FAILURE_RETRY (read_not_cancel (fd, uidbuf,
+						   sizeof (uidbuf)));
   close_not_cancel_no_status (fd);
 
   uid_t uid;
   char *endp;
   if (n <= 0
-      || (uid = strtoul (name, &endp, 10), endp == name || *endp != '\0'))
+      || n == sizeof (uidbuf)
+      || (uidbuf[n] = '\0',
+	  uid = strtoul (uidbuf, &endp, 10),
+	  endp == uidbuf || *endp != '\0'))
     return 1;
 
   size_t buflen = 1024;
@@ -84,8 +91,9 @@ __getlogin_r_loginuid (name, namesize)
 }
 
 
-/* Return the login name of the user, or NULL if it can't be determined.
-   The returned pointer, if not NULL, is good only until the next call.  */
+/* Return at most NAME_LEN characters of the login name of the user in NAME.
+   If it cannot be determined or some other error occurred, return the error
+   code.  Otherwise return 0.  */
 
 int
 getlogin_r (name, namesize)