From eaebea55a495a56317ed85e959b3599f73c6bdf2 Mon Sep 17 00:00:00 2001
From: David Michael <fedora.dm0@gmail.com>
Date: Sun, 23 Oct 2022 18:51:33 -0400
Subject: [PATCH] useradd: Fix buffer overflow when using a prefix

The buffer length did not count the string's trailing null byte.

Signed-off-by: David Michael <fedora.dm0@gmail.com>
---
 src/useradd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/useradd.c b/src/useradd.c
index 39a744ee..7ea0a9c4 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2372,7 +2372,7 @@ static void create_mail (void)
 		if (NULL == spool) {
 			return;
 		}
-		file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2);
+		file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 3);
 		if (prefix[0])
 			sprintf (file, "%s/%s/%s", prefix, spool, user_name);
 		else