From: Don Lewis
Date: Wed, 25 May 2016 14:49:36 -0700 (PDT)
Subject: Re: is ut_user[] in struct utmpx NUL terminated?
To: ed@nuxi.nl
cc: freebsd-arch@freebsd.org
Message-Id: <201605252149.u4PLnaoG007496@gw.catspoiler.org>

On 25 May, Ed Schouten wrote:
> Hi Don,
>
> 2016-05-25 23:14 GMT+02:00 Don Lewis :
>> Going in the other direction, getutxent()
>> calls futx_to_utx(), which uses the FTOU_STRING() macro, which in turn
>> uses strncpy() to copy the data back out.
>
> Keep in mind that strcpy() is called with a size that is at most one
> less than sizeof(ut->ut_user). The final byte in the array is never
> overwritten.

It looks like it is using sizeof() and not sizeof()-1 in both
directions:

Ah, it's using sizeof() going in, but I now see that there is a
carefully hidden -1 adjustment coming out:

#define FTOU_STRING(fu, ut, field) do { \
        strncpy((ut)->ut_ ## field, (fu)->fu_ ## field, \
            MIN(sizeof (ut)->ut_ ## field - 1, sizeof (fu)->fu_ ## field)); \
} while (0)

We should probably document this in the man page. The Linux man page
that I found online says that the string fields are NUL terminated only
if there is room. The Mac OS X man page and Open Group documentation
are silent on this, which would lead one to think these fields are NUL
terminated.

Code also has to be careful to not make the assumption that these fields
are NUL terminated if the struct utmpx has not been laundered through
pututxline() and getutx*(), though this should be rare.
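
Added example, not part of the original message or of FreeBSD's source: a copy-out with the same sizeof - 1 bound as the FTOU_STRING() macro quoted above, next to a bounded reader for a field that never went through that path. The struct names, USER_LEN, MIN_SZ and the helper functions are hypothetical, and zeroing the destination before the copy is an assumption.

```c
#include <stdio.h>
#include <string.h>
#define USER_LEN 8	/* constructed width, not the real ut_user size */
#define MIN_SZ(a, b) ((a) < (b) ? (a) : (b))

/* Hypothetical stand-ins for the on-disk record and struct utmpx. */
struct fake_futx { char fu_user[USER_LEN]; };
struct fake_utx  { char ut_user[USER_LEN]; };

/* Copy-out with the same bound as FTOU_STRING(). Assumption: the
 * destination is zeroed first, so the untouched last byte is NUL. */
void copy_out(struct fake_utx *ut, const struct fake_futx *fu)
{
	memset(ut, 0, sizeof(*ut));
	strncpy(ut->ut_user, fu->fu_user,
	    MIN_SZ(sizeof(ut->ut_user) - 1, sizeof(fu->fu_user)));
}

/* Length of a fixed-width field that may have no terminator. */
size_t field_len(const char *f, size_t width)
{
	const char *nul = memchr(f, '\0', width);
	return nul != NULL ? (size_t)(nul - f) : width;
}

/* Bounded copy into a C string; returns length, or -1 if dst is too small. */
int field_to_cstr(char *dst, size_t dstsz, const char *f, size_t width)
{
	size_t n = field_len(f, width);
	if (n >= dstsz)
		return -1;
	memcpy(dst, f, n);
	dst[n] = '\0';
	return (int)n;
}

/* A completely full source field loses its last byte on copy-out. */
size_t full_field_len_after_copy_out(void)
{
	struct fake_futx fu; struct fake_utx ut;
	memcpy(fu.fu_user, "ABCDEFGH", USER_LEN);	/* constructed, no NUL */
	copy_out(&ut, &fu);
	return strlen(ut.ut_user);
}

int main(void)
{
	printf("%zu\n", full_field_len_after_copy_out());
	return 0;
}
```

Code that receives a struct from an unknown source can call field_to_cstr() with the field's sizeof as the width instead of handing the field to strlen() or printf("%s").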