/bin/su long usernames corrupt environment +FIX
Steven M. Schultz
sms at etn-wlv.eaton.com
Fri Mar 31 03:40:54 AEST 1989
Description:
If a username is more than about 10 characters (either by
accident or intentionally) the buffer 'userbuf' will overflow
causing a corrupt environment.
Repeat-By:
Either be running on a system with usernames allowed to be
greater than the standard 8, or inadvertently add a user with
a loginname of 10 or more characters. Note that the username
is not truncated to the maximum number of characters that are
in the utmp/wtmp structures.
Fix:
Apply the patch below, it increases the userbuf to a size more
in keeping with the overallocated sizes of the buffers which
follow it.
*** su.c.old Thu Mar 30 09:26:16 1989
--- su.c Thu Mar 30 09:26:55 1989
***************
*** 22,28 ****
#include <sys/time.h>
#include <sys/resource.h>
! char userbuf[16] = "USER=";
char homebuf[128] = "HOME=";
char shellbuf[128] = "SHELL=";
char pathbuf[128] = "PATH=:/usr/ucb:/bin:/usr/bin";
--- 22,28 ----
#include <sys/time.h>
#include <sys/resource.h>
! char userbuf[64] = "USER=";
char homebuf[128] = "HOME=";
char shellbuf[128] = "SHELL=";
char pathbuf[128] = "PATH=:/usr/ucb:/bin:/usr/bin";
More information about the Comp.bugs.2bsd
mailing list