From: Iker Pedrosa Date: Wed, 15 May 2024 10:25:51 +0000 (+0200) Subject: port: fix OVERRUN (CWE-119) X-Git-Tag: 4.15.2~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c16416ebc5f0958d58a1ea1e7890eafd9f8bb75;p=thirdparty%2Fshadow.git port: fix OVERRUN (CWE-119) ``` shadow-4.15.0/lib/port.c:154:2: alias: Assigning: "port.pt_names" = "ttys". "port.pt_names" now points to element 0 of "ttys" (which consists of 65 8-byte elements). shadow-4.15.0/lib/port.c:155:2: cond_const: Checking "j < 64" implies that "j" is 64 on the false branch. shadow-4.15.0/lib/port.c:175:2: overrun-local: Overrunning array of 65 8-byte elements at element index 65 (byte offset 527) by dereferencing pointer "port.pt_names + (j + 1)". 173| *cp = '\0'; 174| cp++; 175|-> port.pt_names[j + 1] = NULL; 176| 177| /* ``` Resolves: https://issues.redhat.com/browse/RHEL-35383 Signed-off-by: Iker Pedrosa Reviewed-by: Alejandro Colomar --- diff --git a/lib/port.c b/lib/port.c index 05b95651d..60ff8989e 100644 --- a/lib/port.c +++ b/lib/port.c @@ -168,7 +168,7 @@ again: } *cp = '\0'; cp++; - port.pt_names[j + 1] = NULL; + port.pt_names[j] = NULL; /* * Get the list of user names. It is the second colon
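Review bot: at the changed line `port.pt_names[j] = NULL;` the terminator is only correct if `j` is one past the last stored name on every path that reaches it, and neither the hunk nor the commit message shows that. The scanner trace covers only the case where the `j < 64` check fails and `j` is 64, so index 64 of the 65-element `ttys` is in bounds. If the loop above can also exit early with `j` still indexing the name it just stored, this write replaces that name with NULL instead of terminating the list. Please state in the commit message what `j` holds on each exit path, or handle the exhausted case separately from the early exit. It would also help to derive the loop bound from the array size rather than the literal 64, so that the bound and the 65-element array cannot drift apart.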