Module Name: src Committed By: christos Date: Thu Mar 29 14:43:58 UTC 2012
Modified Files: src/lib/libc/gen: getpwent.c Log Message: PR/46279: Dr. W. Stukenbrock: Off-by-one in buffer length check and make sure that the password fits in the supplied buffer. To generate a diff of this commit: cvs rdiff -u -r1.78 -r1.79 src/lib/libc/gen/getpwent.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/gen/getpwent.c
diff -u src/lib/libc/gen/getpwent.c:1.78 src/lib/libc/gen/getpwent.c:1.79
--- src/lib/libc/gen/getpwent.c:1.78 Thu Mar 29 09:05:10 2012
+++ src/lib/libc/gen/getpwent.c Thu Mar 29 10:43:58 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: getpwent.c,v 1.78 2012/03/29 13:05:10 christos Exp $ */
+/* $NetBSD: getpwent.c,v 1.79 2012/03/29 14:43:58 christos Exp $ */
 /*-
 * Copyright (c) 1997-2000, 2004-2005 The NetBSD Foundation, Inc.
@@ -88,7 +88,7 @@
 #if 0
 static char sccsid[] = "@(#)getpwent.c 8.2 (Berkeley) 4/27/95";
 #else
-__RCSID("$NetBSD: getpwent.c,v 1.78 2012/03/29 13:05:10 christos Exp $");
+__RCSID("$NetBSD: getpwent.c,v 1.79 2012/03/29 14:43:58 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
@@ -1230,7 +1230,7 @@ _nis_parse(const char *entry, struct pas
 _DIAGASSERT(buf != NULL);
 _DIAGASSERT(state != NULL);
- elen = strlen(entry);
+ elen = strlen(entry) + 1;
 if (elen >= buflen)
 return 0;
 if (! _pw_parse(entry, pw, buf, buflen,
@@ -1248,10 +1248,14 @@ _nis_parse(const char *entry, struct pas
 char *bp, *ep;
 /* skip name to get password */
 ep = data;
- if ((bp = strsep(&ep, ":")) != NULL &&
+ if (strsep(&ep, ":") != NULL &&
 (bp = strsep(&ep, ":")) != NULL) {
 /* store new pw_passwd after entry */
- strlcpy(buf + elen, bp, buflen - elen);
+ if (strlcpy(buf + elen, bp, buflen - elen) >=
+ buflen - elen) {
+ free(data);
+ return 0;
+ }
 pw->pw_passwd = &buf[elen];
 }
 free(data);
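Review bot: The new `elen = strlen(entry) + 1;` in the hunk at -1230 carries an invariant that is not written down anywhere visible. Once `if (elen >= buflen) return 0;` has passed, `elen` is strictly less than `buflen`, and that is what keeps the `size_t` subtraction `buflen - elen` in the later `strlcpy` call (hunk at -1248) from wrapping. Going by the "store new pw_passwd after entry" comment, `buf + elen` is meant to be the first byte past the entry's terminating NUL. I would add a comment above the assignment, for example `/* elen includes the NUL: buf + elen is where the adjunct password goes, so it must stay < buflen */`. The body of `_nis_parse` starts and ends outside this hunk.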
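Review bot: The truncation branch added around `strlcpy` in the hunk at -1248 returns 0, the same value as the earlier `elen >= buflen` check, so the caller cannot tell "buffer too small" from any other reason the entry is rejected. The callers are outside this hunk; if they map a 0 return to a not-found result rather than a buffer-too-small error, a reentrant lookup never learns it should retry with a larger buffer, which is worth confirming. A comment on the branch such as `/* adjunct password does not fit after the entry: fail rather than keep a truncated hash */` would record why the check exists. Both `strsep` calls also walk `data` until a NUL, so they rely on that buffer being NUL-terminated, and where it is filled is not visible here.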