This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch, master, updated. glibc-2.11-281-gfd8ccb0


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  fd8ccb0427569ffdfbb70c8828029122f3459160 (commit)
      from  54bf215c6f6811161275654518161b6bd5b8e325 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fd8ccb0427569ffdfbb70c8828029122f3459160

commit fd8ccb0427569ffdfbb70c8828029122f3459160
Author: Jonathan Geisler <jgeisler@cse.taylor.edu>
Date:   Wed Mar 24 16:02:15 2010 -0700

    calls to cuserid() can result in buffer overruns and/or overflows

diff --git a/ChangeLog b/ChangeLog
index 7a7e46c..0e606dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2010-03-24  Ulrich Drepper  <drepper@redhat.com>
 
+	[BZ #11397]
+	* sysdeps/posix/cuserid.c (cuserid): Make sure the returned string
+	is NUL terminated.
+	Patch by Jonathan Geisler <jgeisler@cse.taylor.edu>.
+
 	* sysdeps/unix/sysv/linux/mmap64.c: Allow variable shift values.
 
 2010-03-24  H.J. Lu  <hongjiu.lu@intel.com>
diff --git a/sysdeps/posix/cuserid.c b/sysdeps/posix/cuserid.c
index 11c827a..f30c20e 100644
--- a/sysdeps/posix/cuserid.c
+++ b/sysdeps/posix/cuserid.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991, 1996, 1998, 1999, 2001 Free Software Foundation, Inc.
+/* Copyright (C) 1991, 1996, 1998, 1999, 2001, 2010 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -44,5 +44,6 @@ cuserid (s)
 
   if (s == NULL)
     s = name;
-  return strncpy (s, pwptr->pw_name, L_cuserid);
+  s[L_userid - 1] = '\0';
+  return strncpy (s, pwptr->pw_name, L_cuserid - 1);
 }
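Review bot: the new terminator line indexes with `L_userid - 1`, while the `strncpy` call right below it (and the line being removed) use `L_cuserid`. Nothing else in this hunk names `L_userid`, so this looks like a typo that will fail to build unless that macro is defined elsewhere; it should read `s[L_cuserid - 1] = '\0';`. With that corrected, limiting the copy to `L_cuserid - 1` bytes and setting the last byte does give the NUL termination the ChangeLog entry describes. It would also be worth a short comment that a caller-supplied `s` is assumed to be at least `L_cuserid` bytes, since the function has no way to check that.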

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog               |    5 +++++
 sysdeps/posix/cuserid.c |    5 +++--
 2 files changed, 8 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

