diff options
-rw-r--r-- | libpwdgrp/pwd_grp.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/libpwdgrp/pwd_grp.c b/libpwdgrp/pwd_grp.c index f3fcec8..1b2418a 100644 --- a/libpwdgrp/pwd_grp.c +++ b/libpwdgrp/pwd_grp.c @@ -34,13 +34,13 @@ struct const_passdb { const char *filename; - const char def[10]; + const char def[9]; const uint8_t off[9]; uint8_t numfields; }; struct passdb { const char *filename; - const char def[10]; + const char def[9]; const uint8_t off[9]; uint8_t numfields; FILE *fp; @@ -51,6 +51,11 @@ struct passdb { IF_USE_BB_SHADOW(sizeof(struct spwd)) ]; }; +/* Note: for shadow db, def[9] will not contain terminating NUL, + * but convert_to_struct() logic detects def[] end by "less than SP?", + * not by "is it NUL?" condition; and off[0] happens to be zero + * for every db anyway, so there _is_ in fact a terminating NUL there. + */ /* S = string not empty, s = string maybe empty, * I = uid,gid, l = long maybe empty, m = members, @@ -122,7 +127,7 @@ static void free_static(void) free(S.db[0].malloced); free(S.db[1].malloced); # if ENABLE_USE_BB_SHADOW - S.db[2].malloced); + free(S.db[2].malloced); # endif free(ptr_to_statics); } @@ -286,8 +291,8 @@ static void *convert_to_struct(struct passdb *db, * at the end of malloced buffer! */ members = (char **) - ( ((intptr_t)S.tokenize_end + sizeof(char**)) - & -(intptr_t)sizeof(char**) + ( ((intptr_t)S.tokenize_end + sizeof(members[0])) + & -(intptr_t)sizeof(members[0]) ); ((struct group *)result)->gr_mem = members; @@ -300,7 +305,7 @@ static void *convert_to_struct(struct passdb *db, /* def "r" does nothing */ def++; - if (*def == '\0') + if ((unsigned char)*def < (unsigned char)' ') break; buffer += strlen(buffer) + 1; } |