[BusyBox 0000742]: unterminated string in libbb/login.c

bugs at busybox.net bugs at busybox.net
Mon Feb 20 10:31:43 UTC 2006


The following issue has been CLOSED 
====================================================================== 
http://busybox.net/bugs/view.php?id=742 
====================================================================== 
Reported By:                rfelker
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   742
Category:                   Security
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     closed
Resolution:                 no change required
Fixed in Version:           
====================================================================== 
Date Submitted:             02-19-2006 12:54 PST
Last Modified:              02-20-2006 02:31 PST
====================================================================== 
Summary:                    unterminated string in libbb/login.c
Description: 
In print_login_prompt, buf is not terminated if gethostname uses the full
buffer (the extra byte allocated for the terminating null is left
uninitialized).

(SuSv3 does not require NULL termination by gethostname in the case where
the full buffer is used.)

Also, HOST_NAME_MAX (portable, from limits.h) should be used instead of
MAXHOSTNAMELEN (nonportable, from sys/param.h).

====================================================================== 

---------------------------------------------------------------------- 
 vapier - 02-19-06 15:03  
---------------------------------------------------------------------- 
fixed in svn 

---------------------------------------------------------------------- 
 vodz - 02-20-06 02:30  
---------------------------------------------------------------------- 
http://www.unix.org/single_unix_specification/

The gethostname() function shall return the standard host name for the
current machine. The namelen argument shall specify the size of the array
pointed to by the name argument. The returned name shall be
null-terminated, except that if namelen is an insufficient length to hold
the host name, then the returned name shall be truncated and it is
unspecified whether the returned name is null-terminated. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
02-19-06 12:54  rfelker        New Issue                                    
02-19-06 12:54  rfelker        Status                   new => assigned     
02-19-06 12:54  rfelker        Assigned To               => BusyBox         
02-19-06 15:03  vapier         Note Added: 0001119                          
02-19-06 15:03  vapier         Status                   assigned => closed  
02-19-06 15:03  vapier         Resolution               open => fixed       
02-20-06 02:30  vodz           Status                   closed => feedback  
02-20-06 02:30  vodz           Resolution               fixed => reopened   
02-20-06 02:30  vodz           Note Added: 0001120                          
02-20-06 02:31  vodz           Status                   feedback => closed  
02-20-06 02:31  vodz           Resolution               reopened => no change
required
======================================================================




More information about the busybox-cvs mailing list