Merge 6.5p1.

* New upstream release (http://www.openssh.com/txt/release-6.5,
  LP: #1275068):
  - ssh(1): Add support for client-side hostname canonicalisation using a
    set of DNS suffixes and rules in ssh_config(5).  This allows
    unqualified names to be canonicalised to fully-qualified domain names
    to eliminate ambiguity when looking up keys in known_hosts or checking
    host certificate names (closes: #115286).

1 files changed, 7 insertions, 4 deletions

diff --git a/loginrec.c b/loginrec.c
index 59e8a44ee..4219b9aef 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -310,9 +310,13 @@ login_get_lastlog(struct logininfo *li, const uid_t uid)
                 fatal("%s: Cannot find account for uid %ld", __func__,
                     (long)uid);
 
-        /* No MIN_SIZEOF here - we absolutely *must not* truncate the
-         * username (XXX - so check for trunc!) */
-        strlcpy(li->username, pw->pw_name, sizeof(li->username));
+        if (strlcpy(li->username, pw->pw_name, sizeof(li->username)) >=
+            sizeof(li->username)) {
+                error("%s: username too long (%lu > max %lu)", __func__,
+                    (unsigned long)strlen(pw->pw_name),
+                    (unsigned long)sizeof(li->username) - 1);
+                return NULL;
+        }
 
         if (getlast_entry(li))
                 return (li);
@@ -320,7 +324,6 @@ login_get_lastlog(struct logininfo *li, const uid_t uid)
                 return (NULL);
 }
 
-
 /*
  * login_alloc_entry(int, char*, char*, char*)    - Allocate and initialise
  *                                                  a logininfo structure