GNU bug report logs - #65617
coreutils 9.4: seg.fault in readutmp with systemd

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 65617 in the body.
You can then email your comments to 65617 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Thorsten Kukuk <kukuk <at> suse.com>
To: bug-coreutils <at> gnu.org
Subject: coreutils 9.4: seg.fault in readutmp with systemd
Date: Wed, 30 Aug 2023 11:21:06 +0000

coreutils 9.4 with the --enable-systemd option seg.faults in
lib/readutmp.c, line 801:

for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)

If there is no session, "sessions" is NULL and "*session_ptr" will
dereference a NULL pointer.
Affected are who, pinky and uptime.

A simple fix:

diff --git a/lib/readutmp.c b/lib/readutmp.c
index 0173b7e0c1..e99158677c 100644
--- a/lib/readutmp.c
+++ b/lib/readutmp.c
@@ -795,7 +795,7 @@ read_utmp_from_systemd (idx_t *n_entries, STRUCT_UTMP **utmp_buf, int options)
     {
       char **sessions;
       int num_sessions = sd_get_sessions (&sessions);
-      if (num_sessions >= 0)
+      if (num_sessions > 0)
         {
           char **session_ptr;
           for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)


-- 
Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany
Managing Director: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)

Message #10 received at 65617-done <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Thorsten Kukuk <kukuk <at> suse.com>
Cc: 65617-done <at> debbugs.gnu.org, Gnulib bugs <bug-gnulib <at> gnu.org>
Subject: Re: bug#65617: coreutils 9.4: seg.fault in readutmp with systemd
Date: Wed, 30 Aug 2023 18:29:09 -0700

[Message part 1 (text/plain, inline)]

Thanks for reporting that. I installed the attached patch into Gnulib 
and this should appear in the next coreutils release.

[0001-readutmp-fix-core-dump-if-enable-systemd.patch (text/x-patch, attachment)]

Message #13 received at 65617-done <at> debbugs.gnu.org (full text, mbox):

From: Bruno Haible <bruno <at> clisp.org>
To: bug-gnulib <at> gnu.org, 65617-done <at> debbugs.gnu.org
Cc: Thorsten Kukuk <kukuk <at> suse.com>, Paul Eggert <eggert <at> cs.ucla.edu>
Subject: Re: bug#65617: coreutils 9.4: seg.fault in readutmp with systemd
Date: Thu, 31 Aug 2023 11:37:05 +0200

Paul Eggert wrote:
> I installed the attached patch into Gnulib 
> and this should appear in the next coreutils release.

Unfortunately, this patch introduces a memory leak: If
num_sessions == 0 and sessions != NULL (which can happen, according
to the man page), we need to call free (sessions).

This patch fixes it.


2023-08-31  Bruno Haible  <bruno <at> clisp.org>

	readutmp: Fix memory leak introduced by last commit.
	* lib/readutmp.c (read_utmp_from_systemd): If num_sessions == 0 and
	sessions != NULL, do call free (sessions).

diff --git a/lib/readutmp.c b/lib/readutmp.c
index e99158677c..ec09feb59b 100644
--- a/lib/readutmp.c
+++ b/lib/readutmp.c
@@ -795,7 +795,7 @@ read_utmp_from_systemd (idx_t *n_entries, STRUCT_UTMP **utmp_buf, int options)
     {
       char **sessions;
       int num_sessions = sd_get_sessions (&sessions);
-      if (num_sessions > 0)
+      if (num_sessions >= 0 && sessions != NULL)
         {
           char **session_ptr;
           for (session_ptr = sessions; *session_ptr != NULL; session_ptr++)

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.