diff --git a/ChangeLog b/ChangeLog index fc063179..8db2d423 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2013-08-04 Nicolas François + + * lib/groupio.c (merge_group_entries): Do not allocate more than + necessary (sizeof char* instead of char). + Thanks for Tomáš Mráz (alioth#313962) + * lib/groupio.c (merge_group_entries): Document that new_members + is correctly NULL terminated. (alioth:#313940) + 2013-08-03 Nicolas François * Changelog: Update documentation of 2013-07-28 mancha entry. @@ -48,13 +56,13 @@ 2013-07-29 Brad Hubbard - * lib/groupio.c: add newline char when two lines - are concatenated - Closes: alioth#313942 + * lib/groupio.c: add newline char when two lines + are concatenated + Closes: alioth#313942 * lib/groupio.c: fix uninitialised memory in - merge_group_entries causes segfault in useradd by changing - a call to malloc to a call to calloc - Closes: alioth:#313940 + merge_group_entries causes segfault in useradd by changing + a call to malloc to a call to calloc + Closes: alioth:#313940 2013-07-28 Guido Trentalancia diff --git a/lib/groupio.c b/lib/groupio.c index 5e89f5d7..137aaea6 100644 --- a/lib/groupio.c +++ b/lib/groupio.c @@ -330,7 +330,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries ( /* Concatenate the 2 lines */ new_line_len = strlen (gr1->line) + strlen (gr2->line) +2; - new_line = (char *)malloc ((new_line_len + 1) * sizeof(char*)); + new_line = (char *)malloc (new_line_len + 1); if (NULL == new_line) { errno = ENOMEM; return NULL; @@ -362,6 +362,8 @@ static /*@null@*/struct commonio_entry *merge_group_entries ( for (i=0; NULL != gptr1->gr_mem[i]; i++) { new_members[i] = gptr1->gr_mem[i]; } + /* NULL termination enforced by above calloc */ + members = i; for (i=0; NULL != gptr2->gr_mem[i]; i++) { char **pmember = new_members;