Date: Tue, 27 Feb 2018 19:24:06 +0000 (UTC) From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r330081 - stable/11/lib/libc/gen Message-ID: <201802271924.w1RJO62A057408@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kevans Date: Tue Feb 27 19:24:06 2018 New Revision: 330081 URL: https://svnweb.freebsd.org/changeset/base/330081 Log: MFC r318304: getusershell: don't write paste end of buffer reading shells _local_initshells did not reset cp to the beginning of the line buffer for every iteration that it called fgets(3), leading to writing past the end of line with fairly long /etc/shells or excessively long line lengths. Correct this by properly resetting cp. PR: 192528 Modified: stable/11/lib/libc/gen/getusershell.c Directory Properties: stable/11/ (props changed) Modified: stable/11/lib/libc/gen/getusershell.c ============================================================================== --- stable/11/lib/libc/gen/getusershell.c Tue Feb 27 19:02:49 2018 (r330080) +++ stable/11/lib/libc/gen/getusershell.c Tue Feb 27 19:24:06 2018 (r330081) @@ -115,8 +115,8 @@ _local_initshells(void *rv, void *cb_data, va_list ap) if ((fp = fopen(_PATH_SHELLS, "re")) == NULL) return NS_UNAVAIL; - cp = line; - while (fgets(cp, MAXPATHLEN + 1, fp) != NULL) { + while (fgets(line, MAXPATHLEN + 1, fp) != NULL) { + cp = line; while (*cp != '#' && *cp != '/' && *cp != '\0') cp++; if (*cp == '#' || *cp == '\0') @@ -124,7 +124,7 @@ _local_initshells(void *rv, void *cb_data, va_list ap) sp = cp; while (!isspace(*cp) && *cp != '#' && *cp != '\0') cp++; - *cp++ = '\0'; + *cp = '\0'; sl_add(sl, strdup(sp)); } (void)fclose(fp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802271924.w1RJO62A057408>