From cc577d0e058b53df5c0fe2ac17890a41d77e94c5 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Sat, 13 Feb 2021 13:59:44 -0500 Subject: fix misuse of getpwuid_r in cuserid getpwuid_r can return 0 but without a result in the case where there was no error but no record exists. in that case cuserid was treating it as success and copying junk out of pw.pw_name to the output buffer. --- src/legacy/cuserid.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/legacy/cuserid.c b/src/legacy/cuserid.c index 3ff115a1..07866acf 100644 --- a/src/legacy/cuserid.c +++ b/src/legacy/cuserid.c @@ -9,7 +9,8 @@ char *cuserid(char *buf) static char usridbuf[L_cuserid]; struct passwd pw, *ppw; long pwb[256]; - if (getpwuid_r(geteuid(), &pw, (void *)pwb, sizeof pwb, &ppw)) + getpwuid_r(geteuid(), &pw, (void *)pwb, sizeof pwb, &ppw); + if (!ppw) return 0; size_t len = strnlen(pw.pw_name, L_cuserid); if (len == L_cuserid) -- cgit 1.4.1