From 58fa856960d3073bcf84adac8e8bd6c555674271 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Fri, 1 May 2015 12:25:01 -0400 Subject: fix mishandling of ENOMEM return case in internal getgrent_a function due to an incorrect return statement in this error case, the previously blocked cancellation state was not restored and no result was stored. this could lead to invalid (read) accesses in the caller resulting in crashes or nonsensical result data in the event of memory exhaustion. --- src/passwd/getgrent_a.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/passwd/getgrent_a.c') diff --git a/src/passwd/getgrent_a.c b/src/passwd/getgrent_a.c index ecd2f2ea..7fc389d4 100644 --- a/src/passwd/getgrent_a.c +++ b/src/passwd/getgrent_a.c @@ -48,7 +48,8 @@ int __getgrent_a(FILE *f, struct group *gr, char **line, size_t *size, char ***m rv = errno; free(*line); *line = 0; - return 0; + gr = 0; + goto end; } if (*mems) { mem[0][0] = mems; -- cgit v1.2.1
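Review bot: In the allocation-failure branch, `gr = 0; goto end;` depends on the `end` label, which lies outside this hunk's context, to restore the cancellation state, store the null result and return `rv`. A one-line comment at `gr = 0;` saying that the parameter is cleared so the caller receives no result would make that dependency visible to the next reader. It is also worth confirming that the code at `end` returns `rv` rather than 0: the removed `return 0` reported success even though `rv = errno` had just been set, and the commit message mentions only the cancellation state and the missing result, not the return value.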