Source-Changes-HG archive


[src/netbsd-6]: src/lib/libc/gen Pull up following revision(s) (requested by ...



details:   https://anonhg.NetBSD.org/src/rev/913ef20558ae
branches:  netbsd-6
changeset: 776493:913ef20558ae
user:      snj <snj%NetBSD.org@localhost>
date:      Thu Nov 07 20:38:43 2013 +0000

description:
Pull up following revision(s) (requested by christos in ticket #979):
        lib/libc/gen/getpwent.c: revision 1.79
PR/46279: Dr. W. Stukenbrock: Off-by-one in buffer length check and make sure
that the password fits in the supplied buffer.

diffstat:

 lib/libc/gen/getpwent.c |  14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

diffs (44 lines):

diff -r 8546e8655abe -r 913ef20558ae lib/libc/gen/getpwent.c
--- a/lib/libc/gen/getpwent.c   Thu Nov 07 20:35:16 2013 +0000
+++ b/lib/libc/gen/getpwent.c   Thu Nov 07 20:38:43 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: getpwent.c,v 1.77 2010/03/23 20:28:59 drochner Exp $   */
+/*     $NetBSD: getpwent.c,v 1.77.8.1 2013/11/07 20:38:43 snj Exp $    */
 
 /*-
  * Copyright (c) 1997-2000, 2004-2005 The NetBSD Foundation, Inc.
@@ -88,7 +88,7 @@
 #if 0
 static char sccsid[] = "@(#)getpwent.c 8.2 (Berkeley) 4/27/95";
 #else
-__RCSID("$NetBSD: getpwent.c,v 1.77 2010/03/23 20:28:59 drochner Exp $");
+__RCSID("$NetBSD: getpwent.c,v 1.77.8.1 2013/11/07 20:38:43 snj Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -1224,7 +1224,7 @@
        _DIAGASSERT(buf != NULL);
        _DIAGASSERT(state != NULL);
 
-       elen = strlen(entry);
+       elen = strlen(entry) + 1;
        if (elen >= buflen)
                return 0;
        if (! _pw_parse(entry, pw, buf, buflen,
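Review bot: The check does not say why the comparison stays `>=` now that `elen` includes the terminating NUL, so a later reader may "correct" it to `>`. With the new `elen`, an entry that fits the buffer exactly is rejected. That looks deliberate, since the last hunk stores the password at `buf + elen` with `buflen - elen` as the size and needs `buf + elen` to stay inside the buffer. A comment above the check such as `/* elen includes the NUL; keep >= so buf + elen stays inside buf for pw_passwd below */` would record that. The enclosing function starts and ends outside this hunk, so the declared types of `elen` and `buflen` are not visible here.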
@@ -1242,10 +1242,14 @@
                        char    *bp, *ep;
                                                /* skip name to get password */
                        ep = data;
-                       if ((bp = strsep(&ep, ":")) != NULL &&
+                       if (strsep(&ep, ":") != NULL &&
                            (bp = strsep(&ep, ":")) != NULL) {
                                        /* store new pw_passwd after entry */
-                               strlcpy(buf + elen, bp, buflen - elen);
+                               if (strlcpy(buf + elen, bp, buflen - elen) >=
+                                   buflen - elen) {
+                                       free(data);
+                                       return 0;
+                               }
                                pw->pw_passwd = &buf[elen];
                        }
                        free(data);
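Review bot: The new truncation path returns 0, the same value as the length check in the previous hunk and presumably as a parse failure, so a caller cannot tell "buffer too small" from "bad entry". If the callers, which are outside this diff, back reentrant interfaces that should report ERANGE for a short buffer, check that they do not map this 0 to a not-found or unavailable result. When this path is taken, `pw` has already been filled by `_pw_parse` and a truncated copy of the password has been written at `buf + elen`. A comment on the early return such as `/* password truncated: fail rather than return a partial pw_passwd */` would make the intent explicit. The enclosing function and the block that declares `bp` and `ep` begin outside the hunk.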


