sms@etn-wlv.eaton.com (Steven M. Schultz) (03/31/89)
Description: If a username is more than about 10 characters (either by accident or intentionally) the buffer 'userbuf' will overflow causing a corrupt environment. Repeat-By: Either be running on a system with usernames allowed to be greater than the standard 8, or inadvertently add a user with a loginname of 10 or more characters. Note that the username is not truncated to the maximum number of characters that are in the utmp/wtmp structures. Fix: Apply the patch below, it increases the userbuf to a size more in keeping with the overallocated sizes of the buffers which follow it. *** su.c.old Thu Mar 30 09:26:16 1989 --- su.c Thu Mar 30 09:26:55 1989 *************** *** 22,28 **** #include <sys/time.h> #include <sys/resource.h> ! char userbuf[16] = "USER="; char homebuf[128] = "HOME="; char shellbuf[128] = "SHELL="; char pathbuf[128] = "PATH=:/usr/ucb:/bin:/usr/bin"; --- 22,28 ---- #include <sys/time.h> #include <sys/resource.h> ! char userbuf[64] = "USER="; char homebuf[128] = "HOME="; char shellbuf[128] = "SHELL="; char pathbuf[128] = "PATH=:/usr/ucb:/bin:/usr/bin";