[sysconf] _SC_GETPW_R_SIZE_MAX return checks

fix possible overflow with value returned from sysconf(_SC_GETPW_R_SIZE_MAX)
2024-10-23 10:33:17 +02:00 · 2024-10-23 10:33:17 +02:00 · a84b303c23
commit a84b303c23
parent ae5f655f12
2 changed files with 6 additions and 5 deletions
--- a/winpr/libwinpr/shell/shell.c
+++ b/winpr/libwinpr/shell/shell.c
@ -59,11 +59,11 @@ BOOL GetUserProfileDirectoryA(HANDLE hToken, LPSTR lpProfileDir, LPDWORD lpcchSi
 	}

 	long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-
-	if (buflen == -1)
+	if (buflen < 0)
 		buflen = 8196;

-	char* buf = (char*)malloc(buflen);
+	const size_t s = 1ULL + (size_t)buflen;
+	char* buf = calloc(s, sizeof(char));

 	if (!buf)
 		return FALSE;
--- a/winpr/libwinpr/sspicli/sspicli.c
+++ b/winpr/libwinpr/sspicli/sspicli.c
@ -153,10 +153,11 @@ BOOL LogonUserA(LPCSTR lpszUsername, LPCSTR lpszDomain, LPCSTR lpszPassword, DWO
 	}

 	long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-	if (buflen == -1)
+	if (buflen < 0)
 		buflen = 8196;

-	char* buf = (char*)calloc(buflen + 1, sizeof(char));
+	const size_t s = 1ULL + (size_t)buflen;
+	char* buf = (char*)calloc(s, sizeof(char));
 	if (!buf)
 		goto fail;