From 587ce83e3ff4bea64ac028149ac9b66df37f688c Mon Sep 17 00:00:00 2001
From: Alejandro Colomar <alx@kernel.org>
Date: Fri, 16 Dec 2022 00:52:27 +0100
Subject: [PATCH] Fix off-by-one mistakes

The buffers have a size of 512 (see xmalloc() above), which is what
snprintf(3) expects.

Link: <https://github.com/shadow-maint/shadow/pull/607>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
 src/groupmod.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/groupmod.c b/src/groupmod.c
index 006eca1c..828c7c0b 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -554,13 +554,13 @@ static void prepare_failure_reports (void)
 #endif
 	info_passwd.audit_msg  = xmalloc (512);
 
-	(void) snprintf (info_group.audit_msg, 511,
+	(void) snprintf (info_group.audit_msg, 512,
 	                 "changing %s; ", gr_dbname ());
 #ifdef	SHADOWGRP
-	(void) snprintf (info_gshadow.audit_msg, 511,
+	(void) snprintf (info_gshadow.audit_msg, 512,
 	                 "changing %s; ", sgr_dbname ());
 #endif
-	(void) snprintf (info_passwd.audit_msg, 511,
+	(void) snprintf (info_passwd.audit_msg, 512,
 	                 "changing %s; ", pw_dbname ());
 
 	info_group.action   =   info_group.audit_msg
@@ -573,16 +573,16 @@ static void prepare_failure_reports (void)
 	                      + strlen (info_passwd.audit_msg);
 
 	(void) snprintf (info_group.action,
-	                 511 - strlen (info_group.audit_msg),
+	                 512 - strlen (info_group.audit_msg),
 	                 "group %s/%lu",
 	                 group_name, (unsigned long int) group_id);
 #ifdef	SHADOWGRP
 	(void) snprintf (info_gshadow.action,
-	                 511 - strlen (info_group.audit_msg),
+	                 512 - strlen (info_group.audit_msg),
 	                 "group %s", group_name);
 #endif
 	(void) snprintf (info_passwd.action,
-	                 511 - strlen (info_group.audit_msg),
+	                 512 - strlen (info_group.audit_msg),
 	                 "group %s/%lu",
 	                 group_name, (unsigned long int) group_id);
 
@@ -617,13 +617,13 @@ static void prepare_failure_reports (void)
 		strncat (info_group.action, ", new gid: ",
 		         511 - strlen (info_group.audit_msg));
 		(void) snprintf (info_group.action+strlen (info_group.action),
-		                 511 - strlen (info_group.audit_msg),
+		                 512 - strlen (info_group.audit_msg),
 		                 "%lu", (unsigned long int) group_newid);
 
 		strncat (info_passwd.action, ", new gid: ",
 		         511 - strlen (info_passwd.audit_msg));
 		(void) snprintf (info_passwd.action+strlen (info_passwd.action),
-		                 511 - strlen (info_passwd.audit_msg),
+		                 512 - strlen (info_passwd.audit_msg),
 		                 "%lu", (unsigned long int) group_newid);
 	}
 	info_group.audit_msg[511]   = '\0';