diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-04-18 18:55:17 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-04-18 18:55:17 +0000 |
commit | ceefd3c9184ed70b29d9c9b3c14639ea9df024df (patch) | |
tree | c781f4fabb4ce486294457af73518557fe81929e /lib/libc | |
parent | b3c1597e3a7c5cd6b76127270ad5333f1e7e3d6c (diff) |
constrain length of db lookups better; reported by adam@math.tau.ac.il
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/gen/getpwent.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libc/gen/getpwent.c b/lib/libc/gen/getpwent.c index 7cab9efbccc..12aeeb618e0 100644 --- a/lib/libc/gen/getpwent.c +++ b/lib/libc/gen/getpwent.c @@ -33,7 +33,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getpwent.c,v 1.9 1997/04/13 05:11:07 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: getpwent.c,v 1.10 1997/04/18 18:55:16 deraadt Exp $"; #endif /* LIBC_SCCS and not lint */ #include <sys/param.h> @@ -489,7 +489,7 @@ __has_yppw() len = strlen("+"); bcopy("+", bf + 1, MIN(len, UT_NAMESIZE)); pkey.data = (u_char *)bf; - pkey.size = len + 1; + pkey.size = MIN(len, UT_NAMESIZE) + 1; if ((_pw_db->get)(_pw_db, &key, &data, 0) && (_pw_db->get)(_pw_db, &pkey, &pdata, 0)) @@ -699,7 +699,7 @@ pwnam_netgrp: len = strlen(name); bcopy(name, bf + 1, MIN(len, UT_NAMESIZE)); key.data = (u_char *)bf; - key.size = len + 1; + key.size = MIN(len, UT_NAMESIZE) + 1; rval = __hashpw(&key); if (!_pw_stayopen) { |