fix potential memory overwrite in escape parsing

PR: 11687 Submitted by: Don Lewis <Don.Lewis@tsc.tdk.com>
author: ache <ache@FreeBSD.org> 1999-05-13 16:16:46 +0000
committer: ache <ache@FreeBSD.org> 1999-05-13 16:16:46 +0000
commit: 5f94d43a016c1c1d640336bbc2536e7fb3dd3736 (patch)
tree: df2259f7abbf484b57a0f83f274c5e4f21acdf78 /lib/libutil/login_class.c
parent: f2852710e4ab979a35e64f64c6cdb00caace8edd (diff)
download: FreeBSD-src-5f94d43a016c1c1d640336bbc2536e7fb3dd3736.zip
FreeBSD-src-5f94d43a016c1c1d640336bbc2536e7fb3dd3736.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index 3887541..34e8b5b 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -21,7 +21,7 @@
  *
  * High-level routines relating to use of the user capabilities database
  *
- *	$Id: login_class.c,v 1.9 1998/07/28 01:30:16 ache Exp $
+ *	$Id: login_class.c,v 1.10 1998/07/29 14:05:01 ache Exp $
  */
 
 #include <stdio.h>
@@ -163,7 +163,7 @@ substvar(char * var, const struct passwd * pwd, int hlen, int pch, int nlen)
 		while (*(p += strcspn(p, "~$")) != '\0') {
 		    int	l = strlen(p);
 
-		    if (p > var && *(p-1) == '\\')  /* Escaped: */
+		    if (p > np && *(p-1) == '\\')  /* Escaped: */
 			memmove(p - 1, p, l + 1); /* Slide-out the backslash */
 		    else if (*p == '~') {
 			int	v = pch && *(p+1) != '/'; /* Avoid double // */
author	ache <ache@FreeBSD.org>	1999-05-13 16:16:46 +0000
committer	ache <ache@FreeBSD.org>	1999-05-13 16:16:46 +0000
commit	5f94d43a016c1c1d640336bbc2536e7fb3dd3736 (patch)
tree	df2259f7abbf484b57a0f83f274c5e4f21acdf78 /lib/libutil/login_class.c
parent	f2852710e4ab979a35e64f64c6cdb00caace8edd (diff)
download	FreeBSD-src-5f94d43a016c1c1d640336bbc2536e7fb3dd3736.zip FreeBSD-src-5f94d43a016c1c1d640336bbc2536e7fb3dd3736.tar.gz