Llewellyn/conky
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/conky.git synced 2025-01-13 03:11:16 +00:00
Code Issues Releases Activity

3 Bufferoverflows in a struct utmp

Browse Source 
git-svn-id: https://conky.svn.sourceforge.net/svnroot/conky/trunk/conky1@1161 7f574dfc-610e-0410-a909-a81674777703
This commit is contained in:
Nikolas Garofil 2008-06-16 20:12:39 +00:00
parent d036b5de5c
commit 6472addc09
1 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/users.c
View File

@ -31,6 +31,8 @@
#include <utmp.h>
#include <time.h>
#define BUFLEN 512
static void user_name(char *ptr)
{
const struct utmp *usr = 0;
@ -38,7 +40,10 @@ static void user_name(char *ptr)
setutent();
while ((usr = getutent()) != NULL) {
if (usr->ut_type == USER_PROCESS) {
strncat(ptr, usr->ut_name, 9);
//TODO change the magic number 9 into a constant, does anybody know where it comes from ?
if (strlen(ptr) + (strlen(usr->ut_name) > 9 ? 9 : strlen(usr->ut_name) ) + 1 <= BUFLEN) {
strncat(ptr, usr->ut_name, 9);
}
}
}
}
@ -62,7 +67,10 @@ static void user_term(char *ptr)
setutent();
while ((usr = getutent()) != NULL) {
if (usr->ut_type == USER_PROCESS) {
strncat(ptr, usr->ut_line, 13);
//TODO change the magic number 13 into a constant, does anybody know where it comes from ?
if (strlen(ptr) + (strlen(usr->ut_line) > 13 ? 13 : strlen(usr->ut_line) ) + 1 <= BUFLEN) {
strncat(ptr, usr->ut_line, 13);
}
}
}
}
@ -71,7 +79,7 @@ static void user_time(char *ptr)
const struct utmp *usr;
time_t log_in, real, diff;
struct tm *dtime;
char buf[512] = "";
char buf[BUFLEN] = "";
setutent();
while ((usr = getutent()) != NULL) {
@ -84,17 +92,19 @@ static void user_time(char *ptr)
dtime->tm_mon = dtime->tm_mon - 1;
dtime->tm_mday = dtime->tm_mday - 1;
if (dtime->tm_year > 0) {
strftime(buf, 512, "%yy %mm %dd %Hh %Mm", dtime);
strftime(buf, BUFLEN, "%yy %mm %dd %Hh %Mm", dtime);
} else if (dtime->tm_mon > 0) {
strftime(buf, 512, "%mm %dd %Hh %Mm", dtime);
strftime(buf, BUFLEN, "%mm %dd %Hh %Mm", dtime);
} else if (dtime->tm_mday > 0) {
strftime(buf, 512, "%dd %Hh %Mm", dtime);
strftime(buf, BUFLEN, "%dd %Hh %Mm", dtime);
} else if (dtime->tm_hour > 0) {
strftime(buf, 512, "%Hh %Mm", dtime);
strftime(buf, BUFLEN, "%Hh %Mm", dtime);
} else if (dtime->tm_min > 0) {
strftime(buf, 512, "%Mm", dtime);
strftime(buf, BUFLEN, "%Mm", dtime);
}
if (strlen(ptr) + strlen(buf) + 1 <= BUFLEN) {
strncat(ptr, buf, BUFLEN);
}
strncat(ptr, buf, 512);
}
}
}
@ -116,7 +126,7 @@ static void users_alloc(struct information *ptr)
void update_users(void)
{
struct information *current_info = &info;
char temp[512] = "";
char temp[BUFLEN] = "";
int t;
users_alloc(current_info);
user_name(temp);