GNU bug report logs - #65617
coreutils 9.4: seg.fault in readutmp with systemd

Previous Next

Package: coreutils;

Reported by: Thorsten Kukuk <kukuk <at> suse.com>

Date: Wed, 30 Aug 2023 11:22:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Thorsten Kukuk <kukuk <at> suse.com>
Subject: bug#65617: closed (Re: bug#65617: coreutils 9.4: seg.fault in
 readutmp with systemd)
Date: Thu, 31 Aug 2023 01:30:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#65617: coreutils 9.4: seg.fault in readutmp with systemd

which was filed against the coreutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 65617 <at> debbugs.gnu.org.

-- 
65617: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=65617
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Thorsten Kukuk <kukuk <at> suse.com>
Cc: 65617-done <at> debbugs.gnu.org, Gnulib bugs <bug-gnulib <at> gnu.org>
Subject: Re: bug#65617: coreutils 9.4: seg.fault in readutmp with systemd
Date: Wed, 30 Aug 2023 18:29:09 -0700

[Message part 3 (text/plain, inline)]
Thanks for reporting that. I installed the attached patch into Gnulib 
and this should appear in the next coreutils release.
[0001-readutmp-fix-core-dump-if-enable-systemd.patch (text/x-patch, attachment)]
[Message part 5 (message/rfc822, inline)]
From: Thorsten Kukuk <kukuk <at> suse.com>
To: bug-coreutils <at> gnu.org
Subject: coreutils 9.4: seg.fault in readutmp with systemd
Date: Wed, 30 Aug 2023 11:21:06 +0000

coreutils 9.4 with the --enable-systemd option seg.faults in
lib/readutmp.c, line 801:

for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)

If there is no session, "sessions" is NULL and "*session_ptr" will
dereference a NULL pointer.
Affected are who, pinky and uptime.

A simple fix:

diff --git a/lib/readutmp.c b/lib/readutmp.c
index 0173b7e0c1..e99158677c 100644
--- a/lib/readutmp.c
+++ b/lib/readutmp.c
@@ -795,7 +795,7 @@ read_utmp_from_systemd (idx_t *n_entries, STRUCT_UTMP **utmp_buf, int options)
     {
       char **sessions;
       int num_sessions = sd_get_sessions (&sessions);
-      if (num_sessions >= 0)
+      if (num_sessions > 0)
         {
           char **session_ptr;
           for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)


-- 
Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany
Managing Director: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)
This bug report was last modified 1 year and 319 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.