mirror of https://github.com/MidnightCommander/mc
(vfs_finduid): fix overrunning string.
Fix out-of-boundary access to uname if it's shorter than 255 bytes. Found by Coverity. Coverity id #331835. Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
This commit is contained in:
parent
2d4008655e
commit
2dfdc6d690
|
@ -108,8 +108,12 @@ vfs_finduid (const char *uname)
|
|||
static int saveuid = GUID_DEFAULT_CONST;
|
||||
static char saveuname[TUNMLEN] = "\0";
|
||||
|
||||
size_t uname_len;
|
||||
|
||||
uname_len = strlen (uname);
|
||||
|
||||
if (uname[0] != saveuname[0] /* Quick test w/o proc call */
|
||||
|| 0 != strncmp (uname, saveuname, TUNMLEN))
|
||||
|| strncmp (uname, saveuname, MIN (uname_len, TUNMLEN - 1)) != 0)
|
||||
{
|
||||
struct passwd *pw;
|
||||
|
||||
|
|
Loading…
Reference in New Issue