From fc5a96c9c8aa186effad7520d5df6b616bbfd29d Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Mon, 23 Feb 2015 00:35:47 -0500 Subject: fix crashes in refactored passwd/group code the wrong condition was used in determining the presence of a result that needs space/copying for the _r functions. a zero return value does not necessarily mean success; it can also be a non-error negative result: no such user/group.
---
src/passwd/getgr_r.c | 4 ++-- src/passwd/getpw_r.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/passwd/getgr_r.c b/src/passwd/getgr_r.c
index 68b867d8..7246e8a4 100644
--- a/src/passwd/getgr_r.c
+++ b/src/passwd/getgr_r.c
@@ -16,11 +16,11 @@ static int getgr_r(const char *name, gid_t gid, struct group *gr, char *buf, siz
 pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
 rv = __getgr_a(name, gid, gr, &line, &len, &mem, &nmem, res);
- if (!rv && size < len + (nmem+1)*sizeof(char *) + 32) {
+ if (*res && size < len + (nmem+1)*sizeof(char *) + 32) {
 *res = 0;
 rv = ERANGE;
 }
- if (!rv) {
+ if (*res) {
 buf += (16-(uintptr_t)buf)%16;
 gr->gr_mem = (void *)buf;
 buf += (nmem+1)*sizeof(char *);
diff --git a/src/passwd/getpw_r.c b/src/passwd/getpw_r.c
index 0e71e43f..e8cc811e 100644
--- a/src/passwd/getpw_r.c
+++ b/src/passwd/getpw_r.c
@@ -13,11 +13,11 @@ static int getpw_r(const char *name, uid_t uid, struct passwd *pw, char *buf, si
 pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
 rv = __getpw_a(name, uid, pw, &line, &len, res);
- if (!rv && size < len) {
+ if (*res && size < len) {
 *res = 0;
 rv = ERANGE;
 }
- if (!rv) {
+ if (*res) {
 memcpy(buf, line, len);
 FIX(name);
 FIX(passwd);
-- cgit v1.2.1
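Review bot: Both rewritten conditions in getgr_r.c read `*res` immediately after `__getgr_a()` returns, so the size check and the copy block are only safe if that helper stores through `res` on every path, including early failures; that contract is not visible in this hunk and nothing here documents it. I would add a comment above the first test, for example `/* __getgr_a() always sets *res: non-null only when an entry was found and line/len/mem are valid */`, or put `*res = 0;` before the call if the helper does not guarantee it. The same applies to the `__getpw_a()` call and the two `*res` tests in the getpw_r.c hunk, where a stale non-null `*res` would lead straight into `memcpy(buf, line, len)`. The body of getgr_r starts and ends outside the hunk, so the rest of the function is not reviewed here.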