From: Mohamed Maatallah
Date: Sat, 24 May 2025 02:16:09 +0000 (+0100)
Subject: Update setpwnam.c
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aaa9e718c88d6916b003da7ebcfe38a3c88df8e6;p=thirdparty%2Futil-linux.git
Update setpwnam.c
---
diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
index 3e3c1abde..95e470b5a 100644
--- a/login-utils/setpwnam.c
+++ b/login-utils/setpwnam.c
@@ -126,10 +126,12 @@ int setpwnam(struct passwd *pwd, const char *prefix)
 }
 /* Is this the username we were sent to change? */
- if (!found && linebuf[namelen] == ':' &&
- !strncmp(linebuf, pwd->pw_name, namelen)) {
- /* Yes! So go forth in the name of the Lord and
- * change it! */
+ if (!found &&
+ strncmp(linebuf, pwd->pw_name, namelen) == 0 &&
+ strlen(linebuf) > namelen &&
+ linebuf[namelen] == ':') {
+ /* Yes! But this time let’s not walk past the end of the buffer
+ * in the name of the Lord, SUID, or anything else. */
 if (putpwent(pwd, fp) < 0)
 goto fail;
 found = 1;
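Review bot: The bounds safety of the new condition rests entirely on the `&&` evaluation order, and the replacement comment does not say so. `strncmp(linebuf, pwd->pw_name, namelen) == 0` can only hold when `linebuf` contains `namelen` non-NUL bytes, which is what makes the later `linebuf[namelen]` read safe, so a future reorder would bring back the over-read the old ordering allowed. Given that, `strlen(linebuf) > namelen` is redundant (a `:` at that index already implies it) and rescans each line whose prefix matches; either drop it or, if it is kept as defence in depth, move it ahead of the `strncmp()` so the intent is obvious. I would replace the comment with `/* Order matters: strncmp() stops at linebuf's NUL, so linebuf[namelen] is read only after namelen bytes are known to exist. */`. This assumes `linebuf` is NUL-terminated by the read loop, which, like the rest of setpwnam(), lies outside the hunk.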