[uClibc]write past the buffer in getlogin_r()

Luc Van Oostenryck luc.vanoostenryck at easynet.be
Sat Nov 9 22:48:16 UTC 2002


If my interpretation of SuSv3 is correct, in getlogin_r()
the trailing '\0' is written one position past the and of the buffer.
Trivial patch is here:

diff -ur uClibc-cvs/libc/unistd/getlogin.c uClibc/libc/unistd/getlogin.c
--- uClibc-cvs/libc/unistd/getlogin.c	Fri Nov  8 00:30:14 2002
+++ uClibc/libc/unistd/getlogin.c	Fri Nov  8 00:30:53 2002
@@ -42,7 +42,7 @@
 		return -1;
 
 	strncpy(name, foo, len);
-	name[len] = '\0';
+	name[len-1] = '\0';
 	return 0;
 }
 
-- 
Luc Van Oostenryck



More information about the uClibc mailing list