emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Handle malformed lines in hushlogins file.

Browse Source 
If a line in hushlogins file, e.g. /etc/hushlogins, starts with
'\0', then current code performs an out of boundary write.
If the line lacks a newline at the end, then another character is
overridden.

With strcspn both cases are solved.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
This commit is contained in:
Tobias Stoeckmann 2021-10-29 19:44:46 +02:00
parent f2476d3ce8
commit 63a96706b1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libmisc/hushed.c
View File

@ -90,7 +90,7 @@ bool hushed (const char *username)
return false; return false;
} }
for (found = false; !found && (fgets (buf, (int) sizeof buf, fp) == buf);) { for (found = false; !found && (fgets (buf, (int) sizeof buf, fp) == buf);) {
buf[strlen (buf) - 1] = '\0'; buf[strcspn (buf, "\n")] = '\0';
found = (strcmp (buf, pw->pw_shell) == 0) || found = (strcmp (buf, pw->pw_shell) == 0) ||
(strcmp (buf, pw->pw_name) == 0); (strcmp (buf, pw->pw_name) == 0);
} }