Xref: utzoo comp.unix.questions:27862 comp.unix.ultrix:5746
Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!rex!uflorida!gatech!mcnc!uvaarpa!murdoch!murdoch.acc.virginia.edu!bglenden
From: bglenden@colobus.cv.nrao.edu (Brian Glendenning)
Newsgroups: comp.unix.questions,comp.unix.ultrix
Subject: Re: Idle user logoff (untamo bug)
Message-ID:
Date: 3 Jan 91 20:43:58 GMT
References: <25362@adm.brl.mil>
Sender: news@murdoch.acc.Virginia.EDU
Organization: National Radio Astronomy Observatory
Lines: 44
In-Reply-To: sct60a.sunyct.edu!buck@sct60a.sunyct.edu's message of 1 Jan 91 18:57:19 GMT

Thanks for the many helpful replies I have gotten. I have discovered a
bug in untamo. Since I don't know who is responsible for it any more
(mail to doc at purdue bounced) I'll post it here so at least the
people who told me about untamo will see it:

In untamo.c we find the lines:

	pswd = getpwnam(utmpbuf.ut_name);
	user->ugroup = pswd->pw_gid;

but if we look in we find

	struct utmp {
		char	ut_line[8];	/* tty name */
		char	ut_name[8];	/* user id */
		char	ut_host[16];	/* host name, if remote */
		long	ut_time;	/* time on */
	};

Thus if your user name is 8 chars, ut_name won't be null terminated
(you'll probably get ut_name and ut_host concatenated before you get a
termination). This will make getpwnam fail and return a null. Then in
the second line you will be dereferencing a null pointer. Bang. Core
dump.

The cure is to at least check that pswd isn't null before
dereferencing, and probably to do something like:

	{
		char name[9];
		strncpy(name, utmpbuf.ut_name, 8);
		name[8] = 0;	/* last valid index of name[9] */
		...
	}

And check the return on getpwnam. But I can't see how to make it work
at all for user names longer than 8 chars, although I guess you could
hope that they are unique in the first 8 and look through each entry
of the passwd file.

Brian
--
Brian Glendenning - National Radio Astronomy Observatory
bglenden@nrao.edu          bglenden@nrao.bitnet          (804) 296-0286