From 9c59a69b1ad9624efcae9db2c13098cf2c7eacf8 Mon Sep 17 00:00:00 2001
From: INVENT
Date: Mon, 19 Jan 2015 15:22:53 +0300
Subject: [PATCH] Buffer overflow vulnerability fix
---
 src/v-check-user-password.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/v-check-user-password.c b/src/v-check-user-password.c
index 38fcad4ff..1cca5717c 100755
--- a/src/v-check-user-password.c
+++ b/src/v-check-user-password.c
@@ -45,10 +45,16 @@ int main (int argc, char** argv) {
 /* open log file */
 FILE* pFile = fopen ("/usr/local/vesta/log/auth.log","a+");
 if (NULL == pFile) {
- printf("Error: can not open file %s \n", argv[0]);
+ printf("Error: can not open file /usr/local/vesta/log/auth.log \n");
 exit(12);
 }
 
+ int len = 0;
+ if(strlen(argv[1]) >= 100) {
+ printf("Too long username\n");
+ exit(1);
+ }
+
 /* parse user argument */
 struct passwd* userinfo = getpwnam(argv[1]);
 if (NULL != userinfo) {
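Review bot: The new guard compares `strlen(argv[1])` against a bare `100` that is not tied to the fixed-size buffer it is meant to protect; that buffer and the copy into it are outside this hunk, so the check goes stale if the buffer is resized, and it may still be insufficient if other fields are appended to the same buffer after the username. Derive the bound from the destination instead, e.g. `if (strlen(argv[1]) >= sizeof(DEST_BUF_PLACEHOLDER)) {`, and bound the write itself with `snprintf` and `sizeof` at the point of the copy. The guard also dereferences `argv[1]` with no `argc` check visible in the hunk (one may exist earlier in `main`), and `int len = 0;` is unused in the lines shown. Finally, the rejection path exits without writing to the already-opened auth.log, so over-long usernames passed to this helper leave no audit record; log the rejection before `exit(1);` and send the message to `stderr`.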