author | Timo Teräs <timo.teras@iki.fi> | 2013-09-29 09:12:48 +0000 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2013-09-29 09:12:48 +0000 |
commit | d830cb39a9c5e454c0d1fc9717ef376c41a68583 (patch) | |
tree | e1fe0e1ae7174be264212fb57da41ba528dfed5d /main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch | |
parent | 5580d1c7a275b2a153b54cbb0fdd5021e5b6dc70 (diff) | |
main/musl: cherry pick two more bug fixes from upstream
Diffstat (limited to 'main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch')
-rw-r--r-- | main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch b/main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
new file mode 100644
index 0000000000..ebc1910c7f
--- /dev/null
+++ b/main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
@@ -0,0 +1,38 @@
+From 23b8e3bc95620b0bd90a78ce0d926942c12b45da Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Sun, 29 Sep 2013 02:52:33 -0400
+Subject: [PATCH] fix off-by-one error in getgrnam_r and getgrgid_r, clobbering
+ gr_name
+
+bug report and patch by Michael Forney. the terminating null pointer
+at the end of the gr_mem array was overwriting the beginning of the
+string data, causing the gr_name member to always be a zero-length
+string.
+---
+ src/passwd/getgr_r.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/passwd/getgr_r.c b/src/passwd/getgr_r.c
+index 234c901..3fe2e2b 100644
+--- a/src/passwd/getgr_r.c
++++ b/src/passwd/getgr_r.c
+@@ -26,14 +26,14 @@ static int getgr_r(const char *name, gid_t gid, struct group *gr, char *buf, siz
+ while (__getgrent_a(f, gr, &line, &len, &mem, &nmem)) {
+ if (name && !strcmp(name, gr->gr_name)
+ || !name && gr->gr_gid == gid) {
+- if (size < len + nmem*sizeof(char *) + 32) {
++ if (size < len + (nmem+1)*sizeof(char *) + 32) {
+ rv = ERANGE;
+ break;
+ }
+ *res = gr;
+ buf += (16-(uintptr_t)buf)%16;
+ gr->gr_mem = (void *)buf;
+- buf += nmem*sizeof(char *);
++ buf += (nmem+1)*sizeof(char *);
+ memcpy(buf, line, len);
+ FIX(name);
+ FIX(passwd);
+--
+1.8.4
+
|
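Review bot: The member-array size `(nmem+1)*sizeof(char *)` is written out twice in the embedded getgr_r hunk, once in the `size` check and once in the `buf +=` advance. The commit message attributes the bug to the gr_mem terminator slot not being accounted for, which is the kind of slip a duplicated size expression invites. Computing it once, for example `size_t memsz = (nmem+1)*sizeof(char *);`, and using `memsz` in both places would keep the bounds check and the pointer advance from drifting apart again. The `+ 32` slack in the check is unexplained in the visible lines; presumably it covers the alignment adjustment made by `buf += (16-(uintptr_t)buf)%16;`, and a short comment saying so would help. getgr_r's body starts and ends outside the hunk, and because this file is a cherry-picked upstream patch the change belongs upstream rather than here.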