summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2009-04-23 19:15:11 +0000
committerUlrich Drepper <drepper@redhat.com>2009-04-23 19:15:11 +0000
commitc7e74e5968929264fca40424f979653115643f5d (patch)
tree3b5aa4b73d4b44a2081214d77b1ef71f377630e1
parent3b055b478685ccae785e656bdb94eedcdb6f1026 (diff)
downloadglibc-c7e74e5968929264fca40424f979653115643f5d.tar.gz
* shadow/sgetspent_r.c (__sgetspent_r): Recognize too small buffers.
-rw-r--r--ChangeLog2
-rw-r--r--NEWS5
-rw-r--r--shadow/sgetspent_r.c10
3 files changed, 13 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index b961433ba0..f510a30f1b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
2009-04-23 Ulrich Drepper <drepper@redhat.com>
+ * shadow/sgetspent_r.c (__sgetspent_r): Recognize too small buffers.
+
* shadow/Makefile (tests): Add tst-shadow.
* shadow/tst-shadow.c: New file.
diff --git a/NEWS b/NEWS
index d7e52f8982..411c2c3bc8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-GNU C Library NEWS -- history of user-visible changes. 2009-4-13
+GNU C Library NEWS -- history of user-visible changes. 2009-4-23
Copyright (C) 1992-2008, 2009 Free Software Foundation, Inc.
See the end for copying conditions.
@@ -44,6 +44,9 @@ Version 2.10
and extend existing format specifiers.
Implemented by Ulrich Drepper.
+* Handling for group shadow files has been added.
+ Implemented by Ulrich Drepper.
+
Version 2.9
diff --git a/shadow/sgetspent_r.c b/shadow/sgetspent_r.c
index 2ed350a1ad..5599ee4ec8 100644
--- a/shadow/sgetspent_r.c
+++ b/shadow/sgetspent_r.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996, 1997, 1998, 2005 Free Software Foundation, Inc.
+/* Copyright (C) 1996, 1997, 1998, 2005, 2009 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -91,8 +91,12 @@ int
__sgetspent_r (const char *string, struct spwd *resbuf, char *buffer,
size_t buflen, struct spwd **result)
{
- int parse_result = parse_line (strncpy (buffer, string, buflen),
- resbuf, NULL, 0, &errno);
+ buffer[buflen - 1] = '\0';
+ char *sp = strncpy (buffer, string, buflen);
+ if (buffer[buflen - 1] != '\0')
+ return ERANGE;
+
+ int parse_result = parse_line (sp, resbuf, NULL, 0, &errno);
*result = parse_result > 0 ? resbuf : NULL;
return *result == NULL ? errno : 0;