[PATCH] login: prevent OOB read on illegal /etc/hushlogins

[PATCH] login: prevent OOB read on illegal /etc/hushlogins

[Tobias Stoeckmann]

If the file /etc/hushlogins exists and a line starts with '\0', the
login tools are prone to an off-by-one read.

I see no reliability issue with this, as it would clearly need a
hostile action from a system administrator. But for the sake of
correctness, I've sent this patch nonetheless.
---
 login-utils/logindefs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/login-utils/logindefs.c b/login-utils/logindefs.c
index f02c4752d..213ff8d25 100644
--- a/login-utils/logindefs.c
+++ b/login-utils/logindefs.c
@@ -344,7 +344,8 @@ int get_hushlogin_status(struct passwd *pwd, int force_check)
 				continue;	/* ignore errors... */
 
 			while (ok == 0 && fgets(buf, sizeof(buf), f)) {
-				buf[strlen(buf) - 1] = '\0';
+				if (buf[0] != '\0')
+					buf[strlen(buf) - 1] = '\0';
 				ok = !strcmp(buf, *buf == '/' ? pwd->pw_shell :
 								pwd->pw_name);
 			}
-- 
2.12.0

Re: [PATCH] login: prevent OOB read on illegal /etc/hushlogins

[Karel Zak]

On Sun, Mar 12, 2017 at 05:49:45PM +0100, Tobias Stoeckmann wrote:
>  login-utils/logindefs.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

 Applied, thanks.

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com