SHA256
3
0
forked from pool/shadow
shadow/shadow-prefix-overflow.patch
2022-10-24 22:07:29 +00:00

26 lines
862 B
Diff

From eaebea55a495a56317ed85e959b3599f73c6bdf2 Mon Sep 17 00:00:00 2001
From: David Michael <fedora.dm0@gmail.com>
Date: Sun, 23 Oct 2022 18:51:33 -0400
Subject: [PATCH] useradd: Fix buffer overflow when using a prefix
The buffer length did not count the string's trailing null byte.
Signed-off-by: David Michael <fedora.dm0@gmail.com>
---
src/useradd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/useradd.c b/src/useradd.c
index 39a744ee0..7ea0a9c4d 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2372,7 +2372,7 @@ static void create_mail (void)
if (NULL == spool) {
return;
}
- file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2);
+ file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 3);
if (prefix[0])
sprintf (file, "%s/%s/%s", prefix, spool, user_name);
else