[Pkg-sysvinit-devel] Bug#368793: sysvinit: Overflow caused by strcpy()

Petter Reinholdtsen pere at hungry.com
Fri Jul 14 10:56:03 UTC 2006


Sad that valgrind didn't report anything useful. :(

Reading through the use of strcpy() in last.c, I only find one place
where the destination buffer might be too small:

   350  int list(struct utmp *p, time_t t, int what)
   351  {
   352          time_t          secs, tmp;
   353          char            logintime[32];
        [...]
   389          tmp = (time_t)p->ut_time;
   390          strcpy(logintime, ctime(&tmp)); /* XXX */
        [...]
   484          return 0;
   485  }

Could this be the problematic strcpy()?  Without a backtrace, it is
hard to tell.  I'm not sure how to find out.

Can you check if it helps to increase the logintime buffer size?  Are
you able to get a backtrace with line numbers for this error, so we
can verify the position in the source where it crashes?

Friendly,
-- 
Petter Reinholdtsen
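
The message above singles out line 390 because strcpy() trusts ctime() to return a string that fits in logintime[32]. The following is an added example, not part of the original message or of last.c: a bounded copy that reports failure instead of relying on that. The names format_logintime and LOGINTIME_LEN are hypothetical, and the timestamp is a constructed sample.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define LOGINTIME_LEN 32  /* same size as logintime[] in the excerpt */

/*
 * Hypothetical helper (not from last.c): copy ctime() output into dst
 * without assuming how long it is. Returns 0 on success, -1 if ctime()
 * failed or the text did not fit; dst is always NUL-terminated.
 */
int format_logintime(char *dst, size_t dstlen, time_t t)
{
    const char *s;
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';

    s = ctime(&t);              /* may return NULL for unrepresentable times */
    if (s == NULL)
        return -1;

    n = snprintf(dst, dstlen, "%s", s);   /* never writes past dstlen */
    if (n < 0 || (size_t)n >= dstlen)
        return -1;              /* output was truncated */
    return 0;
}

int main(void)
{
    char logintime[LOGINTIME_LEN];
    char tiny[8];
    time_t sample = 1152874563; /* constructed sample: 14 Jul 2006 UTC */

    if (format_logintime(logintime, sizeof logintime, sample) == 0)
        printf("ok:        %s", logintime);

    /* A deliberately short buffer shows truncation being reported. */
    if (format_logintime(tiny, sizeof tiny, sample) != 0)
        printf("truncated: \"%s\" (len %zu)\n", tiny, strlen(tiny));
    return 0;
}
```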



