From: Michael Forney
Newsgroups: gmane.linux.lib.musl.general
Subject: [PATCH] getgr_r: Reserve space for gr_mem's NULL terminator in buffer
Date: Sat, 28 Sep 2013 23:08:46 -0700
Message-ID: <1380434926-28060-1-git-send-email-mforney@mforney.org>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

Currently, the NULL terminator overlaps with the beginning of the line, causing gr_name to always be the empty string.
---
As an aside, I don't understand why 32 is added to the size check. It looks like the length is rounded down to a multiple of 16, so at most 15 extra bytes will be needed. But even so, wouldn't it be better to check for exactly the amount of space that will be used? Or is it not worth the additional temporary variable?

src/passwd/getgr_r.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/passwd/getgr_r.c b/src/passwd/getgr_r.c index 234c901..3fe2e2b 100644 --- a/src/passwd/getgr_r.c +++ b/src/passwd/getgr_r.c @@ -26,14 +26,14 @@ static int getgr_r(const char *name, gid_t gid, struct group *gr, char *buf, siz while (__getgrent_a(f, gr, &line, &len, &mem, &nmem)) { if (name && !strcmp(name, gr->gr_name) || !name && gr->gr_gid == gid) { - if (size < len + nmem*sizeof(char *) + 32) { + if (size < len + (nmem+1)*sizeof(char *) + 32) { rv = ERANGE; break; } *res = gr; buf += (16-(uintptr_t)buf)%16; gr->gr_mem = (void *)buf; - buf += nmem*sizeof(char *); + buf += (nmem+1)*sizeof(char *); memcpy(buf, line, len); FIX(name); FIX(passwd); -- 1.8.4
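
Review bot: In the `if (size < ...)` check and the later `buf +=` advance, the pointer-array size `(nmem+1)*sizeof(char *)` is written out twice, and the bug being fixed was a mismatch between the space the array needs and the space reserved for it. Computing it once into a local `size_t` and using that value in both places would keep the ERANGE check and the offset of the copied line from drifting apart again. On the `+ 32` slack raised in the aside: the alignment step `buf += (16-(uintptr_t)buf)%16;` consumes at most 15 bytes, so for the uses visible here the check is conservative (it can reject a buffer that would have fit) rather than too weak. The store of the terminating NULL into `gr_mem[nmem]` is not visible in this hunk; it is worth confirming that it lands in the slot reserved here, and adding a regression test that looks up a group and asserts `gr_name` is non-empty.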