Skip to content

Commit

Permalink
calls to cuserid() can result in buffer overruns and/or overflows
Browse files Browse the repository at this point in the history
  • Loading branch information
Jonathan Geisler authored and Ulrich Drepper committed Mar 24, 2010
1 parent 54bf215 commit fd8ccb0
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
5 changes: 5 additions & 0 deletions ChangeLog
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
2010-03-24 Ulrich Drepper <drepper@redhat.com>

[BZ #11397]
* sysdeps/posix/cuserid.c (cuserid): Make sure the returned string
is NUL terminated.
Patch by Jonathan Geisler <jgeisler@cse.taylor.edu>.

* sysdeps/unix/sysv/linux/mmap64.c: Allow variable shift values.

2010-03-24 H.J. Lu <hongjiu.lu@intel.com>
Expand Down
5 changes: 3 additions & 2 deletions sysdeps/posix/cuserid.c
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
/* Copyright (C) 1991, 1996, 1998, 1999, 2001 Free Software Foundation, Inc.
/* Copyright (C) 1991, 1996, 1998, 1999, 2001, 2010 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
Expand Down Expand Up @@ -44,5 +44,6 @@ cuserid (s)

if (s == NULL)
s = name;
return strncpy (s, pwptr->pw_name, L_cuserid);
s[L_userid - 1] = '\0';
return strncpy (s, pwptr->pw_name, L_cuserid - 1);
}

0 comments on commit fd8ccb0

Please sign in to comment.