From a84b303c2387441287c48bd88a73c92d6f0b8a00 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Wed, 23 Oct 2024 10:33:17 +0200
Subject: [PATCH] [sysconf] _SC_GETPW_R_SIZE_MAX return checks

fix possible overflow with value returned from sysconf(_SC_GETPW_R_SIZE_MAX)
---
 winpr/libwinpr/shell/shell.c     | 6 +++---
 winpr/libwinpr/sspicli/sspicli.c | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/winpr/libwinpr/shell/shell.c b/winpr/libwinpr/shell/shell.c
index 2ef907709..a9cab579d 100644
--- a/winpr/libwinpr/shell/shell.c
+++ b/winpr/libwinpr/shell/shell.c
@@ -59,11 +59,11 @@ BOOL GetUserProfileDirectoryA(HANDLE hToken, LPSTR lpProfileDir, LPDWORD lpcchSi
 	}
 
 	long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-
-	if (buflen == -1)
+	if (buflen < 0)
 		buflen = 8196;
 
-	char* buf = (char*)malloc(buflen);
+	const size_t s = 1ULL + (size_t)buflen;
+	char* buf = calloc(s, sizeof(char));
 
 	if (!buf)
 		return FALSE;
diff --git a/winpr/libwinpr/sspicli/sspicli.c b/winpr/libwinpr/sspicli/sspicli.c
index 68524363d..5d6b349c6 100644
--- a/winpr/libwinpr/sspicli/sspicli.c
+++ b/winpr/libwinpr/sspicli/sspicli.c
@@ -153,10 +153,11 @@ BOOL LogonUserA(LPCSTR lpszUsername, LPCSTR lpszDomain, LPCSTR lpszPassword, DWO
 	}
 
 	long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-	if (buflen == -1)
+	if (buflen < 0)
 		buflen = 8196;
 
-	char* buf = (char*)calloc(buflen + 1, sizeof(char));
+	const size_t s = 1ULL + (size_t)buflen;
+	char* buf = (char*)calloc(s, sizeof(char));
 	if (!buf)
 		goto fail;