port: fix OVERRUN (CWE-119)

```
shadow-4.15.0/lib/port.c:154:2: alias: Assigning: "port.pt_names" = "ttys". "port.pt_names" now points to element 0 of "ttys" (which consists of 65 8-byte elements).
shadow-4.15.0/lib/port.c:155:2: cond_const: Checking "j < 64" implies that "j" is 64 on the false branch.
shadow-4.15.0/lib/port.c:175:2: overrun-local: Overrunning array of 65 8-byte elements at element index 65 (byte offset 527) by dereferencing pointer "port.pt_names + (j + 1)".
173|           *cp = '\0';
174|           cp++;
175|->         port.pt_names[j + 1] = NULL;
176|
177|           /*
```

Resolves: https://issues.redhat.com/browse/RHEL-35383

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>

diff --git a/lib/port.c b/lib/port.c
index 05b95651db0f571c1132ea7f6af104e4f7e2f503..60ff8989e58c93cf0fe437405f39a83b93cbe861 100644 (file)
--- a/lib/port.c
+++ b/lib/port.c
@@ -168,7 +168,7 @@ again:
        }
        *cp = '\0';
        cp++;
-       port.pt_names[j + 1] = NULL;
+       port.pt_names[j] = NULL;
 
        /*
         * Get the list of user names.  It is the second colon