Bug #1448

Potential buffer overflow in mylogin()

Added by Matthias Diener 27 days ago.

Status: New
Priority: Low
Category: -
Target version: -
Start date: 02/27/2017
Due date:
% Done: 0%

Description

There is a potential buffer overflow in mylogin() when having a long username:

    char uname[64];
    sprintf(cmd, "id -u -n");
    p = popen(cmd, "r");
    if (p) {
      fscanf(p, "%s", uname);

If the username is longer than 64 characters, it will overwrite the uname variable. Current systems support usernames of at least 256 characters (test with getconf LOGIN_NAME_MAX).

I can see two ways to fix this:
- Completely remove the #if CMK_HAS_POPEN case.
- Replace with getline()/strdup().
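
A sketch of the second option, added here as an example and not taken from the report or the project's code: getline() sizes the buffer to the line it reads, so no fixed `uname[64]` is involved and the separate strdup() copy becomes unnecessary. The function names `read_login_name` and `current_login_name` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for getline(), popen(), pclose() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper: read one line from f into a heap buffer that
 * getline() grows as needed. Returns NULL on EOF, error or an empty
 * line; the caller frees the result. */
char *read_login_name(FILE *f)
{
    char *line = NULL;
    size_t cap = 0;
    ssize_t n = getline(&line, &cap, f);

    if (n <= 0) {                 /* EOF or read error */
        free(line);
        return NULL;
    }
    /* Strip the trailing newline that `id` prints after the name. */
    while (n > 0 && (line[n - 1] == '\n' || line[n - 1] == '\r'))
        line[--n] = '\0';
    if (n == 0) {
        free(line);
        return NULL;
    }
    return line;
}

/* Hypothetical wrapper: same `id -u -n` command as the snippet above,
 * without the fixed-size destination. */
char *current_login_name(void)
{
    FILE *p = popen("id -u -n", "r");
    if (!p)
        return NULL;
    char *name = read_login_name(p);
    if (pclose(p) != 0) {         /* command failed: discard partial output */
        free(name);
        return NULL;
    }
    return name;
}
```

If a fixed buffer has to stay, the smallest change is a field width in the format string, for example `"%63s"` for a 64-byte array, which truncates long names instead of writing past the array.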
