From aaa9e718c88d6916b003da7ebcfe38a3c88df8e6 Mon Sep 17 00:00:00 2001
From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
Date: Sat, 24 May 2025 03:16:09 +0100
Subject: [PATCH] Update setpwnam.c

---
 login-utils/setpwnam.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
index 3e3c1abde5..95e470b5a3 100644
--- a/login-utils/setpwnam.c
+++ b/login-utils/setpwnam.c
@@ -126,10 +126,12 @@ int setpwnam(struct passwd *pwd, const char *prefix)
 		}
 
 		/* Is this the username we were sent to change? */
-		if (!found && linebuf[namelen] == ':' &&
-		    !strncmp(linebuf, pwd->pw_name, namelen)) {
-			/* Yes! So go forth in the name of the Lord and
-			 * change it!  */
+		if (!found &&
+		    strncmp(linebuf, pwd->pw_name, namelen) == 0 &&
+		    strlen(linebuf) > namelen &&
+		    linebuf[namelen] == ':') {
+			/* Yes! But this time let’s not walk past the end of the buffer
+			 * in the name of the Lord, SUID, or anything else. */
 			if (putpwent(pwd, fp) < 0)
 				goto fail;
 			found = 1;
-- 
2.47.2