+2006-12-09 Jakub Jelinek <jakub@redhat.com>
+
+ * misc/getusershell.c (initshells): Check for integer overflows.
+ Make strings buffer one bigger as fgets always succeeds when second
+ argument is 1. Don't use calloc for shells array. Disallow
+ / as shell.
+
2006-12-05 Jakub Jelinek <jakub@redhat.com>
* nis/nis_subr.c (nis_getnames): Revert last change.
register char **sp, *cp;
register FILE *fp;
struct stat64 statb;
- int flen;
+ size_t flen;
free(shells);
shells = NULL;
okshells[1] = _PATH_CSHELL;
return (char **) okshells;
}
- if ((strings = malloc((u_int)statb.st_size + 1)) == NULL)
+ if (statb.st_size > ~(size_t)0 / sizeof (char *) * 3)
goto init_okshells;
- shells = calloc((unsigned)statb.st_size / 3, sizeof (char *));
+ if ((strings = malloc(statb.st_size + 2)) == NULL)
+ goto init_okshells;
+ shells = malloc(statb.st_size / 3 * sizeof (char *));
if (shells == NULL) {
free(strings);
strings = NULL;
}
sp = shells;
cp = strings;
- flen = statb.st_size;
+ flen = statb.st_size + 2;
while (fgets_unlocked(cp, flen - (cp - strings), fp) != NULL) {
while (*cp != '#' && *cp != '/' && *cp != '\0')
cp++;
- if (*cp == '#' || *cp == '\0')
+ if (*cp == '#' || *cp == '\0' || cp[1] == '\0')
continue;
*sp++ = cp;
while (!isspace(*cp) && *cp != '#' && *cp != '\0')
projects / thirdparty / glibc.git / commitdiff
