diff options
| author | Ulrich Drepper <drepper@redhat.com> | 2010-02-03 06:23:31 -0800 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 2010-02-03 06:23:31 -0800 |
| commit | caa6e77293d85e31dfde371b78862e9330a1478e (patch) | |
| tree | c0cbef02da76d2086380304e3ac792ba57c8fd30 | |
| parent | 1a36db1c125785826afbf169d26a9afd98577d65 (diff) | |
| download | glibc-caa6e77293d85e31dfde371b78862e9330a1478e.tar glibc-caa6e77293d85e31dfde371b78862e9330a1478e.tar.gz glibc-caa6e77293d85e31dfde371b78862e9330a1478e.tar.bz2 glibc-caa6e77293d85e31dfde371b78862e9330a1478e.zip | |
Fix endless loop with invalid /etc/shells file.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | misc/getusershell.c | 4 |
2 files changed, 8 insertions, 2 deletions
@@ -1,3 +1,9 @@ +2010-02-03 Ulrich Drepper <drepper@redhat.com> + + [BZ #11242] + * misc/getusershell.c (initshells): Allocate one more byte in input + buffer so that fgets doesn't loop undefinitely. + 2010-02-02 Ulrich Drepper <drepper@redhat.com> * stdlib/setenv.c (__add_to_environ): Don't use alloca if diff --git a/misc/getusershell.c b/misc/getusershell.c index 636da322f9..0e4f79619f 100644 --- a/misc/getusershell.c +++ b/misc/getusershell.c @@ -116,7 +116,8 @@ initshells() } if (statb.st_size > ~(size_t)0 / sizeof (char *) * 3) goto init_okshells; - if ((strings = malloc(statb.st_size + 2)) == NULL) + flen = statb.st_size + 3; + if ((strings = malloc(flen)) == NULL) goto init_okshells; shells = malloc(statb.st_size / 3 * sizeof (char *)); if (shells == NULL) { @@ -126,7 +127,6 @@ initshells() } sp = shells; cp = strings; - flen = statb.st_size + 2; while (fgets_unlocked(cp, flen - (cp - strings), fp) != NULL) { while (*cp != '#' && *cp != '/' && *cp != '\0') cp++; |