Bug 952

Summary:

login_init_entry: Cannot find user when username length is 64

Product:

Portable OpenSSH

Reporter:

Brian Hamon <brhamon>

Component:

sshd

Assignee:

OpenSSH Bugzilla mailing list <openssh-bugs>

Status:

CLOSED FIXED

Severity:

minor

Priority:

Version:

3.9p1

Hardware:

All

OS:

Linux

Attachments:

Description	Flags
One-line change. Unit tested on Linux.	dtucker: ok+

Description Brian Hamon 2004-11-12 02:50:10 AEDT

struct logininfo (loginrec.h) defines LINFO_NAMESIZE to 64. The call to strlcpy 
on loginrec.c line 357 will truncate the 64th character. When a user logs in 
with a username of exactly 64 characters, the following error message is 
displayed:

login_init_entry: Cannot find 
user "testlengthtestlengthtestlengthtestlengthtestlengthtestlengthtes"

Comment 1 Brian Hamon 2004-11-12 04:58:01 AEDT

Created attachment 739 [details]
One-line change. Unit tested on Linux.

65 probably would have worked, I added 8 to keep the alignment of subsequent
fields.

Comment 2 Darren Tucker 2005-01-20 21:39:40 AEDT

Comment on attachment 739 [details]
One-line change. Unit tested on Linux.

Seems reasonable to me, all of the references in loginrec.c are limited by
sizeof(li->username).
Objections?

Comment 3 Damien Miller 2005-01-20 21:54:35 AEDT

I think we should probably round it up to the nearest power of two, but I agree: ok.

Comment 4 Darren Tucker 2005-01-20 22:08:28 AEDT

Thanks, applied (increased to 128 bytes).

Comment 5 Darren Tucker 2006-10-07 11:37:53 AEST

Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.