Idle user logoff (untamo bug)
Brian Glendenning
bglenden at colobus.cv.nrao.edu
Fri Jan 4 07:43:58 AEST 1991
Thanks for the many helpful replies I have gotten. I have discovered a
bug in untamo. Since I don't know who is responsible for it any more
(mail to doc at purdue bounced) I'll post it here so at least the
people who told me about untamo will see it:
In untamo.c we find the lines:
pswd = getpwnam(utmpbuf.ut_name);
user->ugroup = pswd->pw_gid;
but if we look in <utmp.h> we find
struct utmp {
char ut_line[8]; /* tty name */
char ut_name[8]; /* user id */
char ut_host[16]; /* host name, if remote */
long ut_time; /* time on */
};
Thus if your user name is 8 chars, ut_name won't be null terminated
(you'll probably get ut_name and ut_host concatenated before you get a
termination). This will make getpwnam fail and return a null. Then in
the second line you will be dereferencing a null pointer. Bang. core
dump.
The cure is to at least check that pswd isn't null before
dereferencing, and probably to do something like:
{ char name[9];                  /* room for 8 characters plus the terminator */
strncpy(name,utmpbuf.ut_name,8); /* copies at most 8 bytes, no terminator if full */
name[8]=0;                       /* name[8] is the last byte of the array */
...
}
And check the return on getpwnam. But I can't see how to make it work
at all for user names longer than 8 chars, although I guess you could
hope that they are unique in the first 8 and look through each entry
of the passwd file.
Brian
--
Brian Glendenning - National Radio Astronomy Observatory
bglenden at nrao.edu bglenden at nrao.bitnet (804) 296-0286
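A defensive version of the lookup the post describes, added here as an example and not part of the original post or of untamo: struct old_utmp is a local copy of the utmp layout quoted above, and ut_name_to_cstring, ut_entry_gid and make_entry are names chosen for this example.

```c
#include <string.h>
#include <pwd.h>
#include <sys/types.h>

#define UT_NAMESIZE 8

/* Local copy of the utmp layout quoted in the post (avoids <utmp.h>). */
struct old_utmp {
    char ut_line[8];   /* tty name */
    char ut_name[8];   /* user id: no NUL when the name is 8 chars long */
    char ut_host[16];  /* host name, if remote */
    long ut_time;      /* time on */
};

/* Copy ut_name into out[UT_NAMESIZE + 1], always NUL-terminated: strncpy()
   writes no terminator for a full-length name, so byte 8 is set here. */
void ut_name_to_cstring(const struct old_utmp *u, char *out)
{
    strncpy(out, u->ut_name, UT_NAMESIZE);
    out[UT_NAMESIZE] = '\0';
}

/* Primary gid of the entry's user: 0 on success, -1 when getpwnam()
   returns NULL (the result untamo dereferenced without checking). */
int ut_entry_gid(const struct old_utmp *u, gid_t *gid_out)
{
    char name[UT_NAMESIZE + 1];
    struct passwd *pswd;
    ut_name_to_cstring(u, name);
    pswd = getpwnam(name);
    if (pswd == NULL)
        return -1;
    *gid_out = pswd->pw_gid;
    return 0;
}

/* Constructed entry: full 8-byte ut_name with ut_host right behind it, so
   reading ut_name as a C string would run on into the host name. */
struct old_utmp make_entry(const char *name, const char *host)
{
    struct old_utmp u;
    memset(&u, 0, sizeof u);
    strncpy(u.ut_name, name, UT_NAMESIZE);
    strncpy(u.ut_host, host, sizeof u.ut_host - 1);
    return u;
}
```

With an entry built by make_entry("glendenn", "colobus") the copy yields exactly "glendenn", and ut_entry_gid returns -1 instead of crashing when no such account exists.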