main/musl: cherry pick two more bug fixes from upstream

1 files changed, 38 insertions, 0 deletions

diff --git a/main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch b/main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
new file mode 100644
index 0000000000..ebc1910c7f
--- /dev/null
+++ b/main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
@@ -0,0 +1,38 @@
+From 23b8e3bc95620b0bd90a78ce0d926942c12b45da Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Sun, 29 Sep 2013 02:52:33 -0400
+Subject: [PATCH] fix off-by-one error in getgrnam_r and getgrgid_r, clobbering
+ gr_name
+
+bug report and patch by Michael Forney. the terminating null pointer
+at the end of the gr_mem array was overwriting the beginning of the
+string data, causing the gr_name member to always be a zero-length
+string.
+---
+ src/passwd/getgr_r.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/passwd/getgr_r.c b/src/passwd/getgr_r.c
+index 234c901..3fe2e2b 100644
+--- a/src/passwd/getgr_r.c
++++ b/src/passwd/getgr_r.c
+@@ -26,14 +26,14 @@ static int getgr_r(const char *name, gid_t gid, struct group *gr, char *buf, siz
+ 	while (__getgrent_a(f, gr, &line, &len, &mem, &nmem)) {
+ 		if (name && !strcmp(name, gr->gr_name)
+ 		|| !name && gr->gr_gid == gid) {
+-			if (size < len + nmem*sizeof(char *) + 32) {
++			if (size < len + (nmem+1)*sizeof(char *) + 32) {
+ 				rv = ERANGE;
+ 				break;
+ 			}
+ 			*res = gr;
+ 			buf += (16-(uintptr_t)buf)%16;
+ 			gr->gr_mem = (void *)buf;
+-			buf += nmem*sizeof(char *);
++			buf += (nmem+1)*sizeof(char *);
+ 			memcpy(buf, line, len);
+ 			FIX(name);
+ 			FIX(passwd);
+-- 
+1.8.4
+