From: Alejandro Colomar <alx@kernel.org>
Date: Tue, 3 Mar 2026 11:29:56 +0000 (+0100)
Subject: lib/nss.c: Move '\n' check earlier
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=fe07aff7b9864a462b77e7de5ef5413036d35561;p=thirdparty%2Fshadow.git

lib/nss.c: Move '\n' check earlier

If a line doesn't have a '\n', this is a problem, and the line should be
rejected, immediately.

Also, remove the '\n' during the check (with stpsep()), because we don't
want it there when handling the string.

Link: <https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/V1_chap03.html#tag_03_387>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

diff --git a/lib/nss.c b/lib/nss.c
index 54d22dbcb..528eee87c 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -79,14 +79,18 @@ nss_init(const char *nsswitch_path) {
 	}
 	p = NULL;
 	while (getline(&line, &len, nssfp) != -1) {
+		if (stpsep(line, "\n") == NULL) {
+			fprintf(log_get_logfd(), "%s: Non-text file.\n", nsswitch_path);
+			goto null_subid;
+		}
 		if (strprefix(line, "#"))
 			continue;
-		if (strlen(line) < 8)
+		if (strlen(line) < 7)
 			continue;
 		if (!strcaseprefix(line, "subid:"))
 			continue;
 		p = &line[6];
-		p = stpspn(p, " \t\n");
+		p = stpspn(p, " \t");
 		if (!streq(p, ""))
 			break;
 		p = NULL;
@@ -94,10 +98,6 @@ nss_init(const char *nsswitch_path) {
 	if (p == NULL) {
 		goto null_subid;
 	}
-	if (stpsep(p, "\n") == NULL) {
-		fprintf(log_get_logfd(), "%s: Non-text file.\n", nsswitch_path);
-		goto null_subid;
-	}
 	stpsep(p, " \t");
 	if (streq(p, "")) {
 		fprintf(log_get_logfd(), "No usable subid NSS module found, using files\n");