1 files changed, 14 insertions, 8 deletions

diff --git a/authfile.c b/authfile.c
index 5f001d1..b6407e5 100644
--- a/authfile.c
+++ b/authfile.c
@@ -41,23 +41,29 @@ enum authfile_ret authfile_load(const char *file) {
         return AUTHFILE_STATFAIL;
     }
 
-    auth_data = calloc(1, sb.st_size);
+    auth_data = calloc(1, sb.st_size + 1);
 
     char *auth_cur = auth_data;
+    char *auth_end = auth_data + sb.st_size;
     auth_t *entry_cur = auth_entries;
     int used = 0;
 
-    while ((fgets(auth_cur, MAX_ENTRY_LEN, pwfile)) != NULL) {
+    while ((fgets(auth_cur, auth_end - auth_cur < MAX_ENTRY_LEN ? auth_end - auth_cur : MAX_ENTRY_LEN, pwfile)) != NULL) {
         int x;
         int found = 0;
 
         for (x = 0; x < MAX_ENTRY_LEN; x++) {
-            if (!found && auth_cur[x] == ':') {
-                entry_cur->user = auth_cur;
-                entry_cur->ulen = x;
-                entry_cur->pass = &auth_cur[x+1];
-                found = 1;
-            } else if (found) {
+            if (!found) {
+                if (auth_cur[x] == '\0') {
+                    // The username is malformed - this is either the end of the file or a null byte.
+                    break;
+                } else if (auth_cur[x] == ':') {
+                    entry_cur->user = auth_cur;
+                    entry_cur->ulen = x;
+                    entry_cur->pass = &auth_cur[x+1];
+                    found = 1;
+                }
+            } else {
                 // Find end of password.
                 if (auth_cur[x] == '\n' ||
                     auth_cur[x] == '\r' ||