From: Ulrich Drepper <drepper@redhat.com>
Date: Wed, 3 Feb 2010 14:23:31 +0000 (-0800)
Subject: Fix endless loop with invalid /etc/shells file.
X-Git-Tag: fedora/glibc-2.11.1-7~1^2~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b204d65517276f8cdaf3a83349d0f1f553da68a2;p=thirdparty%2Fglibc.git

Fix endless loop with invalid /etc/shells file.

(cherry picked from commit caa6e77293d85e31dfde371b78862e9330a1478e)
---

diff --git a/ChangeLog b/ChangeLog
index 47f2e529d53..b9f7357132f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2010-02-03  Ulrich Drepper  <drepper@redhat.com>
+
+	[BZ #11242]
+	* misc/getusershell.c (initshells): Allocate one more byte in input
+	buffer so that fgets doesn't loop undefinitely.
+
 2010-01-25  Andreas Schwab  <schwab@redhat.com>
 
 	* iconv/iconv_prog.c (write_output): Fix check for open failure.
diff --git a/misc/getusershell.c b/misc/getusershell.c
index 636da322f96..0e4f79619f8 100644
--- a/misc/getusershell.c
+++ b/misc/getusershell.c
@@ -116,7 +116,8 @@ initshells()
 	}
 	if (statb.st_size > ~(size_t)0 / sizeof (char *) * 3)
 		goto init_okshells;
-	if ((strings = malloc(statb.st_size + 2)) == NULL)
+	flen = statb.st_size + 3;
+	if ((strings = malloc(flen)) == NULL)
 		goto init_okshells;
 	shells = malloc(statb.st_size / 3 * sizeof (char *));
 	if (shells == NULL) {
@@ -126,7 +127,6 @@ initshells()
 	}
 	sp = shells;
 	cp = strings;
-	flen = statb.st_size + 2;
 	while (fgets_unlocked(cp, flen - (cp - strings), fp) != NULL) {
 		while (*cp != '#' && *cp != '/' && *cp != '\0')
 			cp++;