aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2010-02-03 06:23:31 -0800
committerUlrich Drepper <drepper@redhat.com>2010-02-03 06:23:31 -0800
commitcaa6e77293d85e31dfde371b78862e9330a1478e (patch)
treec0cbef02da76d2086380304e3ac792ba57c8fd30
parent1a36db1c125785826afbf169d26a9afd98577d65 (diff)
downloadglibc-caa6e77293d85e31dfde371b78862e9330a1478e.tar
glibc-caa6e77293d85e31dfde371b78862e9330a1478e.tar.gz
glibc-caa6e77293d85e31dfde371b78862e9330a1478e.tar.bz2
glibc-caa6e77293d85e31dfde371b78862e9330a1478e.zip
Fix endless loop with invalid /etc/shells file.
-rw-r--r--ChangeLog6
-rw-r--r--misc/getusershell.c4
2 files changed, 8 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index e8aad253e1..f895a8ca28 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2010-02-03 Ulrich Drepper <drepper@redhat.com>
+
+ [BZ #11242]
+ * misc/getusershell.c (initshells): Allocate one more byte in input
+ buffer so that fgets doesn't loop undefinitely.
+
2010-02-02 Ulrich Drepper <drepper@redhat.com>
* stdlib/setenv.c (__add_to_environ): Don't use alloca if
diff --git a/misc/getusershell.c b/misc/getusershell.c
index 636da322f9..0e4f79619f 100644
--- a/misc/getusershell.c
+++ b/misc/getusershell.c
@@ -116,7 +116,8 @@ initshells()
}
if (statb.st_size > ~(size_t)0 / sizeof (char *) * 3)
goto init_okshells;
- if ((strings = malloc(statb.st_size + 2)) == NULL)
+ flen = statb.st_size + 3;
+ if ((strings = malloc(flen)) == NULL)
goto init_okshells;
shells = malloc(statb.st_size / 3 * sizeof (char *));
if (shells == NULL) {
@@ -126,7 +127,6 @@ initshells()
}
sp = shells;
cp = strings;
- flen = statb.st_size + 2;
while (fgets_unlocked(cp, flen - (cp - strings), fp) != NULL) {
while (*cp != '#' && *cp != '/' && *cp != '\0')
cp++;