glib-unix.c: fix heap corruption in g_unix_get_passwd_entry

malloc() was given too small a size (the size of the pointer
rather than of the struct it points to), and the subsequent
getpwnam_r() call wrote past the end of the allocated block -
easily seen with valgrind.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Alexander Kanavin 2020-04-01 00:51:39 +02:00
parent 50355361e6
commit 473b3b4ce4


@ -485,7 +485,7 @@ g_unix_get_passwd_entry (const gchar *user_name,
* loop until its big enough). Add 6 extra bytes to work around a bug in * loop until its big enough). Add 6 extra bytes to work around a bug in
* macOS < 10.3. See #156446. * macOS < 10.3. See #156446.
*/ */
buffer = g_malloc0 (sizeof (buffer) + string_buffer_size + 6); buffer = g_malloc0 (sizeof (*buffer) + string_buffer_size + 6);
errno = 0; errno = 0;
retval = getpwnam_r (user_name, &buffer->pwd, buffer->string_buffer, retval = getpwnam_r (user_name, &buffer->pwd, buffer->string_buffer,