base/SOURCES/0163-sulogin-don-t-use-strc...

From 94f380e223e7496804dcd68e204fba0a15df8bd7 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 25 May 2015 15:24:13 +0200
Subject: [PATCH 163/173] sulogin: don't use strcpy(), enlarge pwd line buffer

* according to "man getpwnam" 16384 bytes is enough to store one
  passwd entry (let's use 2*BUFSIZE to avoid magic numbers in code)

* don't use strcpy() to set empty password

Upstream: http://github.com/karelzak/util-linux/commit/d681e0956cdca1a016346424939fe1b9c6a0a549
Addresses: http://bugzilla.redhat.com/show_bug.cgi?id=1561200
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 login-utils/sulogin.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/login-utils/sulogin.c b/login-utils/sulogin.c
index bbd67b3ee..6d03bc5ae 100644
--- a/login-utils/sulogin.c
+++ b/login-utils/sulogin.c
@@ -373,8 +373,8 @@ static struct passwd *getrootpwent(int try_manually)
 	struct passwd *pw;
 	struct spwd *spw;
 	FILE *fp;
-	static char line[256];
-	static char sline[256];
+	static char line[2 * BUFSIZ];
+	static char sline[2 * BUFSIZ];
 	char *p;
 
 	/*
@@ -410,7 +410,7 @@ static struct passwd *getrootpwent(int try_manually)
 	/*
 	 * Find root in the password file.
 	 */
-	while ((p = fgets(line, 256, fp)) != NULL) {
+	while ((p = fgets(line, sizeof(line), fp)) != NULL) {
 		if (strncmp(line, "root:", 5) != 0)
 			continue;
 		p += 5;
@@ -439,12 +439,12 @@ static struct passwd *getrootpwent(int try_manually)
 	/*
 	 * The password is invalid. If there is a shadow password, try it.
 	 */
-	strcpy(pwd.pw_passwd, "");
+	*pwd.pw_passwd = '\0';
 	if ((fp = fopen(_PATH_SHADOW_PASSWD, "r")) == NULL) {
 		warn(_("cannot open %s"), _PATH_PASSWD);
 		return &pwd;
 	}
-	while ((p = fgets(sline, 256, fp)) != NULL) {
+	while ((p = fgets(sline, sizeof(sline), fp)) != NULL) {
 		if (strncmp(sline, "root:", 5) != 0)
 			continue;
 		p += 5;
@@ -458,11 +458,11 @@ static struct passwd *getrootpwent(int try_manually)
 	 */
 	if (p == NULL) {
 		warnx(_("%s: no entry for root"), _PATH_SHADOW_PASSWD);
-		strcpy(pwd.pw_passwd, "");
+		*pwd.pw_passwd = '\0';
 	}
 	if (!valid(pwd.pw_passwd)) {
 		warnx(_("%s: root password garbled"), _PATH_SHADOW_PASSWD);
-		strcpy(pwd.pw_passwd, "");
+		*pwd.pw_passwd = '\0';
 	}
 	return &pwd;
 }
-- 
2.14.4
util-linux package update Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org> 6 years ago			`From 94f380e223e7496804dcd68e204fba0a15df8bd7 Mon Sep 17 00:00:00 2001`
			`From: Karel Zak <kzak@redhat.com>`
			`Date: Mon, 25 May 2015 15:24:13 +0200`
			`Subject: [PATCH 163/173] sulogin: don't use strcpy(), enlarge pwd line buffer`

			`* according to "man getpwnam" 16384 bytes is enough to store one`
			`passwd entry (let's use 2*BUFSIZE to avoid magic numbers in code)`

			`* don't use strcpy() to set empty password`

			`Upstream: http://github.com/karelzak/util-linux/commit/d681e0956cdca1a016346424939fe1b9c6a0a549`
			`Addresses: http://bugzilla.redhat.com/show_bug.cgi?id=1561200`
			`Signed-off-by: Karel Zak <kzak@redhat.com>`
			`---`
			`login-utils/sulogin.c \| 14 +++++++-------`
			`1 file changed, 7 insertions(+), 7 deletions(-)`

			`diff --git a/login-utils/sulogin.c b/login-utils/sulogin.c`
			`index bbd67b3ee..6d03bc5ae 100644`
			`--- a/login-utils/sulogin.c`
			`+++ b/login-utils/sulogin.c`
			`@@ -373,8 +373,8 @@ static struct passwd *getrootpwent(int try_manually)`
			`struct passwd *pw;`
			`struct spwd *spw;`
			`FILE *fp;`
			`- static char line[256];`
			`- static char sline[256];`
			`+ static char line[2 * BUFSIZ];`
			`+ static char sline[2 * BUFSIZ];`
			`char *p;`

			`/*`
			`@@ -410,7 +410,7 @@ static struct passwd *getrootpwent(int try_manually)`
			`/*`
			`* Find root in the password file.`
			`*/`
			`- while ((p = fgets(line, 256, fp)) != NULL) {`
			`+ while ((p = fgets(line, sizeof(line), fp)) != NULL) {`
			`if (strncmp(line, "root:", 5) != 0)`
			`continue;`
			`p += 5;`
			`@@ -439,12 +439,12 @@ static struct passwd *getrootpwent(int try_manually)`
			`/*`
			`* The password is invalid. If there is a shadow password, try it.`
			`*/`
			`- strcpy(pwd.pw_passwd, "");`
			`+ *pwd.pw_passwd = '\0';`
			`if ((fp = fopen(_PATH_SHADOW_PASSWD, "r")) == NULL) {`
			`warn(_("cannot open %s"), _PATH_PASSWD);`
			`return &pwd;`
			`}`
			`- while ((p = fgets(sline, 256, fp)) != NULL) {`
			`+ while ((p = fgets(sline, sizeof(sline), fp)) != NULL) {`
			`if (strncmp(sline, "root:", 5) != 0)`
			`continue;`
			`p += 5;`
			`@@ -458,11 +458,11 @@ static struct passwd *getrootpwent(int try_manually)`
			`*/`
			`if (p == NULL) {`
			`warnx(_("%s: no entry for root"), _PATH_SHADOW_PASSWD);`
			`- strcpy(pwd.pw_passwd, "");`
			`+ *pwd.pw_passwd = '\0';`
			`}`
			`if (!valid(pwd.pw_passwd)) {`
			`warnx(_("%s: root password garbled"), _PATH_SHADOW_PASSWD);`
			`- strcpy(pwd.pw_passwd, "");`
			`+ *pwd.pw_passwd = '\0';`
			`}`
			`return &pwd;`
			`}`
			`--`
			`2.14.4`