RepoMirrors/musl
1
0
Fork 0
mirror of git://git.musl-libc.org/musl synced 2025-04-01 22:48:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix off-by-one error in getgrnam_r and getgrgid_r, clobbering gr_name

Browse Source 
bug report and patch by Michael Forney. the terminating null pointer
at the end of the gr_mem array was overwriting the beginning of the
string data, causing the gr_name member to always be a zero-length
string.
This commit is contained in:
Rich Felker 2013-09-29 02:52:33 -04:00
parent 211264e46a
commit 23b8e3bc95
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/passwd/getgr_r.c
View File

@ -26,14 +26,14 @@ static int getgr_r(const char *name, gid_t gid, struct group *gr, char *buf, siz
while (__getgrent_a(f, gr, &line, &len, &mem, &nmem)) {
if (name && !strcmp(name, gr->gr_name)
|| !name && gr->gr_gid == gid) {
if (size < len + nmem*sizeof(char *) + 32) {
if (size < len + (nmem+1)*sizeof(char *) + 32) {
rv = ERANGE;
break;
}
*res = gr;
buf += (16-(uintptr_t)buf)%16;
gr->gr_mem = (void *)buf;
buf += nmem*sizeof(char *);
buf += (nmem+1)*sizeof(char *);
memcpy(buf, line, len);
FIX(name);
FIX(passwd);