Potential bufferflow in getpwent(), getpwnam() and getpwuid()

PR: bin/4134 Submitted by: nick@foobar.org
author: wosch <wosch@FreeBSD.org> 1997-09-14 18:16:11 +0000
committer: wosch <wosch@FreeBSD.org> 1997-09-14 18:16:11 +0000
commit: 5c10b1ba457f5e5fcbd4d741017d68521f97c33a (patch)
tree: 13739a25d1bdc82cbce57e0432246aedcc063bff /lib/libc
parent: 37fbc2eca7914f5981f1ccefbc00a1ad6d57bef2 (diff)
download: FreeBSD-src-5c10b1ba457f5e5fcbd4d741017d68521f97c33a.zip
FreeBSD-src-5c10b1ba457f5e5fcbd4d741017d68521f97c33a.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/libc/gen/getpwent.c b/lib/libc/gen/getpwent.c
index d1cec3e..c753232 100644
--- a/lib/libc/gen/getpwent.c
+++ b/lib/libc/gen/getpwent.c
@@ -293,8 +293,13 @@ __hashpw(key)
 	if ((_pw_db->get)(_pw_db, key, &data, 0))
 		return(0);
 	p = (char *)data.data;
-	if (data.size > max && !(line = realloc(line, max += 1024)))
-		return(0);
+
+	/* increase buffer size for long lines if necessary */
+	if (data.size > max) {
+		max = data.size + 1024;
+                if (!(line = realloc(line, max)))
+                        return(0);
+        }
 
 	/* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
 	t = line;
author	wosch <wosch@FreeBSD.org>	1997-09-14 18:16:11 +0000
committer	wosch <wosch@FreeBSD.org>	1997-09-14 18:16:11 +0000
commit	5c10b1ba457f5e5fcbd4d741017d68521f97c33a (patch)
tree	13739a25d1bdc82cbce57e0432246aedcc063bff /lib/libc
parent	37fbc2eca7914f5981f1ccefbc00a1ad6d57bef2 (diff)
download	FreeBSD-src-5c10b1ba457f5e5fcbd4d741017d68521f97c33a.zip FreeBSD-src-5c10b1ba457f5e5fcbd4d741017d68521f97c33a.tar.gz