1 files changed, 74 insertions, 0 deletions

diff --git a/backport-Fix-off-by-one-mistakes.patch b/backport-Fix-off-by-one-mistakes.patch
new file mode 100644
index 0000000..fe11716
--- /dev/null
+++ b/backport-Fix-off-by-one-mistakes.patch
@@ -0,0 +1,74 @@
+From 587ce83e3ff4bea64ac028149ac9b66df37f688c Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar <alx@kernel.org>
+Date: Fri, 16 Dec 2022 00:52:27 +0100
+Subject: [PATCH] Fix off-by-one mistakes
+
+The buffers have a size of 512 (see xmalloc() above), which is what
+snprintf(3) expects.
+
+Link: <https://github.com/shadow-maint/shadow/pull/607>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+---
+ src/groupmod.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/groupmod.c b/src/groupmod.c
+index 006eca1c..828c7c0b 100644
+--- a/src/groupmod.c
++++ b/src/groupmod.c
+@@ -554,13 +554,13 @@ static void prepare_failure_reports (void)
+ #endif
+ 	info_passwd.audit_msg  = xmalloc (512);
+ 
+-	(void) snprintf (info_group.audit_msg, 511,
++	(void) snprintf (info_group.audit_msg, 512,
+ 	                 "changing %s; ", gr_dbname ());
+ #ifdef	SHADOWGRP
+-	(void) snprintf (info_gshadow.audit_msg, 511,
++	(void) snprintf (info_gshadow.audit_msg, 512,
+ 	                 "changing %s; ", sgr_dbname ());
+ #endif
+-	(void) snprintf (info_passwd.audit_msg, 511,
++	(void) snprintf (info_passwd.audit_msg, 512,
+ 	                 "changing %s; ", pw_dbname ());
+ 
+ 	info_group.action   =   info_group.audit_msg
+@@ -573,16 +573,16 @@ static void prepare_failure_reports (void)
+ 	                      + strlen (info_passwd.audit_msg);
+ 
+ 	(void) snprintf (info_group.action,
+-	                 511 - strlen (info_group.audit_msg),
++	                 512 - strlen (info_group.audit_msg),
+ 	                 "group %s/%lu",
+ 	                 group_name, (unsigned long int) group_id);
+ #ifdef	SHADOWGRP
+ 	(void) snprintf (info_gshadow.action,
+-	                 511 - strlen (info_group.audit_msg),
++	                 512 - strlen (info_group.audit_msg),
+ 	                 "group %s", group_name);
+ #endif
+ 	(void) snprintf (info_passwd.action,
+-	                 511 - strlen (info_group.audit_msg),
++	                 512 - strlen (info_group.audit_msg),
+ 	                 "group %s/%lu",
+ 	                 group_name, (unsigned long int) group_id);
+ 
+@@ -617,13 +617,13 @@ static void prepare_failure_reports (void)
+ 		strncat (info_group.action, ", new gid: ",
+ 		         511 - strlen (info_group.audit_msg));
+ 		(void) snprintf (info_group.action+strlen (info_group.action),
+-		                 511 - strlen (info_group.audit_msg),
++		                 512 - strlen (info_group.audit_msg),
+ 		                 "%lu", (unsigned long int) group_newid);
+ 
+ 		strncat (info_passwd.action, ", new gid: ",
+ 		         511 - strlen (info_passwd.audit_msg));
+ 		(void) snprintf (info_passwd.action+strlen (info_passwd.action),
+-		                 511 - strlen (info_passwd.audit_msg),
++		                 512 - strlen (info_passwd.audit_msg),
+ 		                 "%lu", (unsigned long int) group_newid);
+ 	}
+ 	info_group.audit_msg[511]   = '\0';
+-- 
+2.27.0
+