[uClibc]write past the buffer in getlogin_r()
Luc Van Oostenryck
luc.vanoostenryck at easynet.be
Sat Nov 9 22:48:16 UTC 2002
If my interpretation of SuSv3 is correct, in getlogin_r()
the trailing '\0' is written one position past the and of the buffer.
Trivial patch is here:
diff -ur uClibc-cvs/libc/unistd/getlogin.c uClibc/libc/unistd/getlogin.c
--- uClibc-cvs/libc/unistd/getlogin.c Fri Nov 8 00:30:14 2002
+++ uClibc/libc/unistd/getlogin.c Fri Nov 8 00:30:53 2002
@@ -42,7 +42,7 @@
return -1;
strncpy(name, foo, len);
- name[len] = '\0';
+ name[len-1] = '\0';
return 0;
}
--
Luc Van Oostenryck
More information about the uClibc
mailing list