Check bounds on input. From Michael Plass.

2016-09-05 21:11:11 +00:00 · 2016-09-05 21:11:11 +00:00 · 9367ee5723
parent 1b38ce07c0
commit 9367ee5723
1 changed files with 5 additions and 3 deletions
--- a/sys/lib/libsa/checkpasswd.c
+++ b/sys/lib/libsa/checkpasswd.c
@ -1,4 +1,4 @@
-/*	$NetBSD: checkpasswd.c,v 1.9 2011/01/06 02:45:13 jakllsch Exp $	*/
+/*	$NetBSD: checkpasswd.c,v 1.10 2016/09/05 21:11:11 dholland Exp $	*/

 /*-
 * Copyright (c) 1993
@ -84,8 +84,10 @@ getpass(const char *prompt)
 			putchar('\n');
 			break;
 		default:
-			*lp++ = c;
-			putchar('*');
+			if ((size_t)(lp - buf) < sizeof(buf) - 1) {
+				*lp++ = c;
+				putchar('*');
+			}
 			break;
 		}
 	}