<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>v1.6.8: usertty fails for usernames > 7 characters</TITLE>
<META content="MSHTML 6.00.2800.1515" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=981491711-14102005>I commented out some expressions on lines 103
and 108 of src/afuser.c</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=981491711-14102005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=981491711-14102005>src/afuser.c:103 (
/*self->username->length == strlen(ut->ut_user)
&&*/</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=981491711-14102005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=981491711-14102005>src/afuser.c:108 (
/*self->username->length == strlen(ut->ut_name)
&&*/</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=981491711-14102005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=981491711-14102005><SPAN
class=981491711-14102005>These expressions appear to be optimizations that avoid
doing a subsequent memcpy when the two strings obviously won't match, so I think
commenting them out is harmless. From what I can tell, the strlen function will
return a length much greater than the actual length for user names that go over
7 (or 31 for ut_user) characters, as there is no null-terminator in that case. I
guess it eventually finds a zero somewhere beyond that point in memory.
Experimentation with getutent more or less convinced me of that, as 8 character
user names were returned with a bit of additional text, the null-string
interpretation of ut_id.</SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=981491711-14102005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=981491711-14102005>I had
to touch afuser.c to set its modification date back to Jan 31 2003 after
editing. Something in the build process breaks if the modification date on the
file is too recent.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=981491711-14102005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=981491711-14102005>This
fixed the problem I was having with 8-character arguments to
usertty</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=981491711-14102005>
<P><B><FONT face=Impact size=4>Jay Patterson</FONT></B> <BR><FONT face=Verdana
size=2>OpenView Consultant</FONT> <BR><B><FONT face=Verdana
size=2>E-Mail:</FONT></B><I> <FONT face=Verdana
size=2>Jay.Patterson@T-Mobile.com</FONT></I> <BR><B><FONT face=Verdana
size=2>Phone:</FONT></B> <FONT face=Verdana size=2>862-812-3436</FONT>
</P></SPAN></FONT></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
syslog-ng-bounces@lists.balabit.hu
[mailto:syslog-ng-bounces@lists.balabit.hu]<BR><B>Sent:</B> Thursday, October
13, 2005 2:12 PM<BR><B>To:</B> syslog-ng@lists.balabit.hu<BR><B>Subject:</B>
[syslog-ng] v1.6.8: usertty fails for usernames > 7
characters<BR><BR></FONT></DIV><!-- Converted from text/rtf format -->
<P><FONT face=Arial size=2>syslog-ng-1.6.8 compiled with GCC 3.4.2 on Solaris
2.8</FONT> </P>
<P><FONT face=Arial size=2>syslog-ng won't write to userttys for login names
that are greater than 7 characters</FONT> <BR><FONT face=Arial
size=2>Equivalent functionality on syslogd works</FONT> </P>
<P><FONT face=Arial size=2>Never used getutent until today, but ...</FONT>
<BR><FONT face=Arial size=2>After using getutent a little, I've come to the
conclusion that the utmp fields are not null-terminated.</FONT> </P>
<P><FONT face=Arial size=2>Coincidently, ut_name has a size of 8</FONT><SPAN
class=981491711-14102005><FONT face=Arial color=#0000ff
size=2> </FONT></SPAN><BR><FONT face=Arial size=2>ut_user has a size of
32</FONT> </P>
<P><FONT face=Arial size=2>The code near source file "afuser.c", line 98,
seems to treat the ut_name and ut_user fields as if they were
null-terminated.</FONT></P>
<P><B><FONT face=Impact size=4>Jay Patterson</FONT></B> <BR><FONT face=Verdana
size=2>OpenView Consultant</FONT> <BR><B><FONT face=Verdana
size=2>E-Mail:</FONT></B><I> <FONT face=Verdana
size=2>Jay.Patterson@T-Mobile.com</FONT></I> <BR><B><FONT face=Verdana
size=2>Phone:</FONT></B> <FONT face=Verdana size=2>862-812-3436</FONT>
</P></BLOCKQUOTE></BODY></HTML>