From 0cdd6f579256d7dcbf48548ee470b8bb54a7de64 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Wed, 27 Apr 2022 15:29:57 +0200 Subject: [PATCH] libbb: fix fallout from nth_string() robustification, closes 14726 function old new delta parse_common 187 228 +41 Signed-off-by: Denys Vlasenko --- libpwdgrp/pwd_grp.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libpwdgrp/pwd_grp.c b/libpwdgrp/pwd_grp.c index b44ada432..10debbcdb 100644 --- a/libpwdgrp/pwd_grp.c +++ b/libpwdgrp/pwd_grp.c @@ -191,6 +191,9 @@ static char *parse_common(FILE *fp, struct passdb *db, char *buf; while ((buf = xmalloc_fgetline(fp)) != NULL) { + int n; + char *field; + /* Skip empty lines, comment lines */ if (buf[0] == '\0' || buf[0] == '#') goto free_and_next; @@ -204,7 +207,16 @@ static char *parse_common(FILE *fp, struct passdb *db, /* no key specified: sequential read, return a record */ break; } - if (strcmp(key, nth_string(buf, field_pos)) == 0) { + /* Can't use nth_string() here, it does not allow empty strings + * ("\0\0" terminates the list), and a valid passwd entry + * "user::UID:GID..." would be mishandled */ + n = field_pos; + field = buf; + while (n) { + n--; + field += strlen(field) + 1; + } + if (strcmp(key, field) == 0) { /* record found */ break; }