Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PR/46279: Dr. W. Stukenbrock: Off-by-one in buffer length check and make sure 

that the password fits in the supplied buffer.
This commit is contained in:
christos 2012-03-29 14:43:58 +00:00
parent b66595809f
commit 4a263fd8ca
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/libc/gen/getpwent.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: getpwent.c,v 1.78 2012/03/29 13:05:10 christos Exp $ */
/* $NetBSD: getpwent.c,v 1.79 2012/03/29 14:43:58 christos Exp $ */
/*-
* Copyright (c) 1997-2000, 2004-2005 The NetBSD Foundation, Inc.
@ -88,7 +88,7 @@
#if 0
static char sccsid[] = "@(#)getpwent.c 8.2 (Berkeley) 4/27/95";
#else
__RCSID("$NetBSD: getpwent.c,v 1.78 2012/03/29 13:05:10 christos Exp $");
__RCSID("$NetBSD: getpwent.c,v 1.79 2012/03/29 14:43:58 christos Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@ -1230,7 +1230,7 @@ _nis_parse(const char *entry, struct passwd *pw, char *buf, size_t buflen,
_DIAGASSERT(buf != NULL);
_DIAGASSERT(state != NULL);
elen = strlen(entry);
elen = strlen(entry) + 1;
if (elen >= buflen)
return 0;
if (! _pw_parse(entry, pw, buf, buflen,
@ -1248,10 +1248,14 @@ _nis_parse(const char *entry, struct passwd *pw, char *buf, size_t buflen,
char *bp, *ep;
/* skip name to get password */
ep = data;
if ((bp = strsep(&ep, ":")) != NULL &&
if (strsep(&ep, ":") != NULL &&
(bp = strsep(&ep, ":")) != NULL) {
/* store new pw_passwd after entry */
strlcpy(buf + elen, bp, buflen - elen);
if (strlcpy(buf + elen, bp, buflen - elen) >=
buflen - elen) {
free(data);
return 0;
}
pw->pw_passwd = &buf[elen];
}
free(data);