1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
From 587ce83e3ff4bea64ac028149ac9b66df37f688c Mon Sep 17 00:00:00 2001
From: Alejandro Colomar <alx@kernel.org>
Date: Fri, 16 Dec 2022 00:52:27 +0100
Subject: [PATCH] Fix off-by-one mistakes
The buffers have a size of 512 (see xmalloc() above), which is what
snprintf(3) expects.
Link: <https://github.com/shadow-maint/shadow/pull/607>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
src/groupmod.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/groupmod.c b/src/groupmod.c
index 006eca1c..828c7c0b 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -554,13 +554,13 @@ static void prepare_failure_reports (void)
#endif
info_passwd.audit_msg = xmalloc (512);
- (void) snprintf (info_group.audit_msg, 511,
+ (void) snprintf (info_group.audit_msg, 512,
"changing %s; ", gr_dbname ());
#ifdef SHADOWGRP
- (void) snprintf (info_gshadow.audit_msg, 511,
+ (void) snprintf (info_gshadow.audit_msg, 512,
"changing %s; ", sgr_dbname ());
#endif
- (void) snprintf (info_passwd.audit_msg, 511,
+ (void) snprintf (info_passwd.audit_msg, 512,
"changing %s; ", pw_dbname ());
info_group.action = info_group.audit_msg
@@ -573,16 +573,16 @@ static void prepare_failure_reports (void)
+ strlen (info_passwd.audit_msg);
(void) snprintf (info_group.action,
- 511 - strlen (info_group.audit_msg),
+ 512 - strlen (info_group.audit_msg),
"group %s/%lu",
group_name, (unsigned long int) group_id);
#ifdef SHADOWGRP
(void) snprintf (info_gshadow.action,
- 511 - strlen (info_group.audit_msg),
+ 512 - strlen (info_group.audit_msg),
"group %s", group_name);
#endif
(void) snprintf (info_passwd.action,
- 511 - strlen (info_group.audit_msg),
+ 512 - strlen (info_group.audit_msg),
"group %s/%lu",
group_name, (unsigned long int) group_id);
@@ -617,13 +617,13 @@ static void prepare_failure_reports (void)
strncat (info_group.action, ", new gid: ",
511 - strlen (info_group.audit_msg));
(void) snprintf (info_group.action+strlen (info_group.action),
- 511 - strlen (info_group.audit_msg),
+ 512 - strlen (info_group.audit_msg),
"%lu", (unsigned long int) group_newid);
strncat (info_passwd.action, ", new gid: ",
511 - strlen (info_passwd.audit_msg));
(void) snprintf (info_passwd.action+strlen (info_passwd.action),
- 511 - strlen (info_passwd.audit_msg),
+ 512 - strlen (info_passwd.audit_msg),
"%lu", (unsigned long int) group_newid);
}
info_group.audit_msg[511] = '\0';
--
2.27.0
|
