The getlogin_basic() function can return a 0 status with a NULL

pointer for the login name (result). Make sure to handle that case properly. Improve robustness by checking namelen and then nul-terminating the provided buffer to simplify subsequent logic. Obtained from: Juniper Networks, Inc. MFC after: 1 week
2014-04-05 18:14:58 +00:00 · 2014-04-05 18:14:58 +00:00 · eef9f6d258
commit eef9f6d258
parent 9fe6f910fd
1 changed files with 8 additions and 3 deletions
--- a/lib/libc/gen/getlogin.c
+++ b/lib/libc/gen/getlogin.c
@ -87,11 +87,16 @@ getlogin_r(char *logname, int namelen)
 	char	*result;
 	int	len;
 	int	status;
-	
+
+	if (namelen < 1)
+		return (ERANGE);
+	logname[0] = '\0';
+
 	THREAD_LOCK();
 	result = getlogin_basic(&status);
-	if (status == 0) {
-		if ((len = strlen(result) + 1) > namelen)
+	if (status == 0 && result != NULL) {
+		len = strlen(result) + 1;
+		if (len > namelen)
 			status = ERANGE;
 		else
 			strncpy(logname, result, len);