GNU bug report logs - #65617
coreutils 9.4: seg.fault in readutmp with systemd

Previous Next

Package: coreutils;

Reported by: Thorsten Kukuk <kukuk <at> suse.com>

Date: Wed, 30 Aug 2023 11:22:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 65617 in the body.
You can then email your comments to 65617 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to bug-coreutils <at> gnu.org:
bug#65617; Package coreutils. (Wed, 30 Aug 2023 11:22:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thorsten Kukuk <kukuk <at> suse.com>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Wed, 30 Aug 2023 11:22:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Thorsten Kukuk <kukuk <at> suse.com>
To: bug-coreutils <at> gnu.org
Subject: coreutils 9.4: seg.fault in readutmp with systemd
Date: Wed, 30 Aug 2023 11:21:06 +0000
coreutils 9.4 with the --enable-systemd option seg.faults in
lib/readutmp.c, line 801:

for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)

If there is no session, "sessions" is NULL and "*session_ptr" will
dereference a NULL pointer.
Affected are who, pinky and uptime.

A simple fix:

diff --git a/lib/readutmp.c b/lib/readutmp.c
index 0173b7e0c1..e99158677c 100644
--- a/lib/readutmp.c
+++ b/lib/readutmp.c
@@ -795,7 +795,7 @@ read_utmp_from_systemd (idx_t *n_entries, STRUCT_UTMP **utmp_buf, int options)
     {
       char **sessions;
       int num_sessions = sd_get_sessions (&sessions);
-      if (num_sessions >= 0)
+      if (num_sessions > 0)
         {
           char **session_ptr;
           for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)


-- 
Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany
Managing Director: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)




Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>:
You have taken responsibility. (Thu, 31 Aug 2023 01:30:02 GMT) Full text and rfc822 format available.

Notification sent to Thorsten Kukuk <kukuk <at> suse.com>:
bug acknowledged by developer. (Thu, 31 Aug 2023 01:30:02 GMT) Full text and rfc822 format available.

Message #10 received at 65617-done <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Thorsten Kukuk <kukuk <at> suse.com>
Cc: 65617-done <at> debbugs.gnu.org, Gnulib bugs <bug-gnulib <at> gnu.org>
Subject: Re: bug#65617: coreutils 9.4: seg.fault in readutmp with systemd
Date: Wed, 30 Aug 2023 18:29:09 -0700
[Message part 1 (text/plain, inline)]
Thanks for reporting that. I installed the attached patch into Gnulib 
and this should appear in the next coreutils release.
[0001-readutmp-fix-core-dump-if-enable-systemd.patch (text/x-patch, attachment)]

Information forwarded to bug-coreutils <at> gnu.org:
bug#65617; Package coreutils. (Thu, 31 Aug 2023 09:38:01 GMT) Full text and rfc822 format available.

Message #13 received at 65617-done <at> debbugs.gnu.org (full text, mbox):

From: Bruno Haible <bruno <at> clisp.org>
To: bug-gnulib <at> gnu.org, 65617-done <at> debbugs.gnu.org
Cc: Thorsten Kukuk <kukuk <at> suse.com>, Paul Eggert <eggert <at> cs.ucla.edu>
Subject: Re: bug#65617: coreutils 9.4: seg.fault in readutmp with systemd
Date: Thu, 31 Aug 2023 11:37:05 +0200
Paul Eggert wrote:
> I installed the attached patch into Gnulib 
> and this should appear in the next coreutils release.

Unfortunately, this patch introduces a memory leak: If
num_sessions == 0 and sessions != NULL (which can happen, according
to the man page), we need to call free (sessions).

This patch fixes it.


2023-08-31  Bruno Haible  <bruno <at> clisp.org>

	readutmp: Fix memory leak introduced by last commit.
	* lib/readutmp.c (read_utmp_from_systemd): If num_sessions == 0 and
	sessions != NULL, do call free (sessions).

diff --git a/lib/readutmp.c b/lib/readutmp.c
index e99158677c..ec09feb59b 100644
--- a/lib/readutmp.c
+++ b/lib/readutmp.c
@@ -795,7 +795,7 @@ read_utmp_from_systemd (idx_t *n_entries, STRUCT_UTMP **utmp_buf, int options)
     {
       char **sessions;
       int num_sessions = sd_get_sessions (&sessions);
-      if (num_sessions > 0)
+      if (num_sessions >= 0 && sessions != NULL)
         {
           char **session_ptr;
           for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)







bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 28 Sep 2023 11:24:07 GMT) Full text and rfc822 format available.

This bug report was last modified 1 year and 249 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.