Pull up following revision(s) (requested by kamil in ticket #899):

lib/libutil/passwd.c: revision 1.53 Prevent underflow buffer read in trim_whitespace() in libutil/passwd.c If a string is empty or contains only white characters, the algorithm of removal of white characters at the end of the passed string will read buffer at index -1 and keep iterating backward. Detected with MKSANITIZER/ASan when executing passwd(1).
2018-06-24 09:34:33 +00:00 · 2018-06-24 09:34:33 +00:00 · e75e57f0e2
parent 1e062e62b4
commit e75e57f0e2
1 changed files with 11 additions and 3 deletions
--- a/lib/libutil/passwd.c
+++ b/lib/libutil/passwd.c
@ -1,4 +1,4 @@
-/*	$NetBSD: passwd.c,v 1.52 2012/06/25 22:32:47 abs Exp $	*/
+/*	$NetBSD: passwd.c,v 1.52.24.1 2018/06/24 09:34:33 martin Exp $	*/

 /*
 * Copyright (c) 1987, 1993, 1994, 1995
@ -31,7 +31,7 @@

 #include <sys/cdefs.h>
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: passwd.c,v 1.52 2012/06/25 22:32:47 abs Exp $");
+__RCSID("$NetBSD: passwd.c,v 1.52.24.1 2018/06/24 09:34:33 martin Exp $");
 #endif /* LIBC_SCCS and not lint */

 #include <sys/types.h>
@ -503,13 +503,21 @@ trim_whitespace(char *line)

 	_DIAGASSERT(line != NULL);

+	/* Handle empty string */
+	if (*line == '\0')
+		return;
+
 	/* Remove leading spaces */
 	p = line;
 	while (isspace((unsigned char) *p))
 		p++;
 	memmove(line, p, strlen(p) + 1);

-	/* Remove trailing spaces */
+	/* Handle empty string after removal of whitespace characters */
+	if (*line == '\0')
+		return;
+
+	/* Remove trailing spaces, line must not be empty string here */
 	p = line + strlen(line) - 1;
 	while (isspace((unsigned char) *p))
 		p--;