Handle malformed lines in hushlogins file.

If a line in hushlogins file, e.g. /etc/hushlogins, starts with '\0', then current code performs an out of boundary write. If the line lacks a newline at the end, then another character is overridden. With strcspn both cases are solved. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2021-10-29 19:44:46 +02:00
parent f2476d3ce8
commit 63a96706b1
1 changed files with 1 additions and 1 deletions
--- a/libmisc/hushed.c
+++ b/libmisc/hushed.c
@@ -90,7 +90,7 @@ bool hushed (const char *username)
 		return false;
 	}
 	for (found = false; !found && (fgets (buf, (int) sizeof buf, fp) == buf);) {
-		buf[strlen (buf) - 1] = '\0';
+		buf[strcspn (buf, "\n")] = '\0';
 		found = (strcmp (buf, pw->pw_shell) == 0) ||
 		        (strcmp (buf, pw->pw_name) == 0);
 	}