This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug build/22447] unsafe call to strlen with a non-string in getlogin_r.c

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Wed, 22 Nov 2017 18:45:29 +0000
Subject: [Bug build/22447] unsafe call to strlen with a non-string in getlogin_r.c
Auto-submitted: auto-generated
References: <bug-22447-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=22447

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  4bae615022cb5a5da79ccda83cc6c9ba9f2d479c (commit)
      from  4b7af5fca7db9fe1f4c078c57f20a08e2a1e2404 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4bae615022cb5a5da79ccda83cc6c9ba9f2d479c

commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Wed Nov 22 18:44:23 2017 +0000

    Avoid use of strlen in getlogin_r (bug 22447).

    Building glibc with current mainline GCC fails, among other reasons,
    because of an error for use of strlen on the nonstring ut_user field.
    This patch changes the problem code in getlogin_r to use __strnlen
    instead.  It also needs to set the trailing NUL byte of the result
    explicitly, because of the case where ut_user does not have such a
    trailing NUL byte (but the result should always have one).

    Tested for x86_64.  Also tested that, in conjunction with
    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
    the build for arm with mainline GCC.

        [BZ #22447]
        * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
        strlen to compute length of ut_user and set trailing NUL byte of
        result explicitly.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                 |    7 +++++++
 sysdeps/unix/getlogin_r.c |    5 +++--
 2 files changed, 10 insertions(+), 2 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug build/22447] New: unsafe call to strlen with a non-string in getlogin_r.c
  - From: msebor at gmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]