calls to cuserid() can result in buffer overruns and/or overflows

Jonathan Geisler 2010-03-24 16:02:15 -07:00 committed by Ulrich Drepper
parent 54bf215c6f
commit fd8ccb0427
2 changed files with 8 additions and 2 deletions

@ -1,5 +1,10 @@
2010-03-24 Ulrich Drepper <drepper@redhat.com>
[BZ #11397]
* sysdeps/posix/cuserid.c (cuserid): Make sure the returned string
is NUL terminated.
Patch by Jonathan Geisler <jgeisler@cse.taylor.edu>.
* sysdeps/unix/sysv/linux/mmap64.c: Allow variable shift values.
2010-03-24 H.J. Lu <hongjiu.lu@intel.com>

@ -1,4 +1,4 @@
/* Copyright (C) 1991, 1996, 1998, 1999, 2001 Free Software Foundation, Inc.
/* Copyright (C) 1991, 1996, 1998, 1999, 2001, 2010 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@ -44,5 +44,6 @@ cuserid (s)
if (s == NULL)
s = name;
return strncpy (s, pwptr->pw_name, L_cuserid);
s[L_userid - 1] = '\0';
return strncpy (s, pwptr->pw_name, L_cuserid - 1);
}
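
Review bot: the new terminator line writes to `s[L_userid - 1]`, but every other reference in this hunk, including the `strncpy` bound on the next line, uses `L_cuserid`. Unless `L_userid` is defined somewhere outside the visible lines this will not build, and if it is defined with a different value the NUL lands at an offset unrelated to the copy limit, so the fix would not guarantee termination. Suggest `s[L_cuserid - 1] = '\0';`. Separately, setting the terminator before the copy is only correct because `strncpy (s, pwptr->pw_name, L_cuserid - 1)` never touches the last byte; a one-line comment saying so would keep a later edit from changing the bound and silently undoing the fix. It is also worth noting in the function comment that a `pw_name` longer than `L_cuserid - 1` is now truncated without any indication, so the returned string may not be a valid login name.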