diff options
Diffstat (limited to 'crypto/openssh/loginrec.c')
-rw-r--r-- | crypto/openssh/loginrec.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/crypto/openssh/loginrec.c b/crypto/openssh/loginrec.c index 59e8a44..4219b9a 100644 --- a/crypto/openssh/loginrec.c +++ b/crypto/openssh/loginrec.c @@ -310,9 +310,13 @@ login_get_lastlog(struct logininfo *li, const uid_t uid) fatal("%s: Cannot find account for uid %ld", __func__, (long)uid); - /* No MIN_SIZEOF here - we absolutely *must not* truncate the - * username (XXX - so check for trunc!) */ - strlcpy(li->username, pw->pw_name, sizeof(li->username)); + if (strlcpy(li->username, pw->pw_name, sizeof(li->username)) >= + sizeof(li->username)) { + error("%s: username too long (%lu > max %lu)", __func__, + (unsigned long)strlen(pw->pw_name), + (unsigned long)sizeof(li->username) - 1); + return NULL; + } if (getlast_entry(li)) return (li); @@ -320,7 +324,6 @@ login_get_lastlog(struct logininfo *li, const uid_t uid) return (NULL); } - /* * login_alloc_entry(int, char*, char*, char*) - Allocate and initialise * a logininfo structure |