From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Fri, 29 Oct 2021 17:44:46 +0000 (+0200)
Subject: Handle malformed lines in hushlogins file.
X-Git-Tag: 4.10~25^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63a96706b1205f91c4a57de21ac56e996d270ff1;p=thirdparty%2Fshadow.git

Handle malformed lines in hushlogins file.

If a line in hushlogins file, e.g. /etc/hushlogins, starts with
'\0', then current code performs an out of boundary write.
If the line lacks a newline at the end, then another character is
overridden.

With strcspn both cases are solved.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/libmisc/hushed.c b/libmisc/hushed.c
index b71b99ce2..3c3adafca 100644
--- a/libmisc/hushed.c
+++ b/libmisc/hushed.c
@@ -90,7 +90,7 @@ bool hushed (const char *username)
 		return false;
 	}
 	for (found = false; !found && (fgets (buf, (int) sizeof buf, fp) == buf);) {
-		buf[strlen (buf) - 1] = '\0';
+		buf[strcspn (buf, "\n")] = '\0';
 		found = (strcmp (buf, pw->pw_shell) == 0) ||
 		        (strcmp (buf, pw->pw_name) == 0);
 	}