emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libbb: fix fallout from nth_string() robustification, closes 14726

Browse Source 
function                                             old     new   delta
parse_common                                         187     228     +41

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2022-04-27 15:29:57 +02:00
parent 7fbfb2050f
commit 0cdd6f5792
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libpwdgrp/pwd_grp.c
View File

@ -191,6 +191,9 @@ static char *parse_common(FILE *fp, struct passdb *db,
char *buf; char *buf;
while ((buf = xmalloc_fgetline(fp)) != NULL) { while ((buf = xmalloc_fgetline(fp)) != NULL) {
int n;
char *field;
/* Skip empty lines, comment lines */ /* Skip empty lines, comment lines */
if (buf[0] == '\0' || buf[0] == '#') if (buf[0] == '\0' || buf[0] == '#')
goto free_and_next; goto free_and_next;
@ -204,7 +207,16 @@ static char *parse_common(FILE *fp, struct passdb *db,
/* no key specified: sequential read, return a record */ /* no key specified: sequential read, return a record */
break; break;
} }
if (strcmp(key, nth_string(buf, field_pos)) == 0) { /* Can't use nth_string() here, it does not allow empty strings
* ("\0\0" terminates the list), and a valid passwd entry
* "user::UID:GID..." would be mishandled */
n = field_pos;
field = buf;
while (n) {
n--;
field += strlen(field) + 1;
}
if (strcmp(key, field) == 0) {
/* record found */ /* record found */
break; break;
} }