From fb62ae74d0c87ff506e970bf18579cc96b16e046 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Thu, 30 Jun 2011 08:11:06 -0400
Subject: fix buffer overrun in getgrent code when there are no group members

---
 src/passwd/getgrent_a.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/passwd/getgrent_a.c b/src/passwd/getgrent_a.c
index ccb51d52..7c63c57b 100644
--- a/src/passwd/getgrent_a.c
+++ b/src/passwd/getgrent_a.c
@@ -37,10 +37,14 @@ struct group *__getgrent_a(FILE *f, struct group *gr, char **line, size_t *size,
 		*line = 0;
 		return 0;
 	}
-	mem[0][0] = mems;
-	for (s=mems, i=0; *s; s++)
-		if (*s==',') *s++ = 0, mem[0][++i] = s;
-	mem[0][++i] = 0;
+	if (*mems) {
+		mem[0][0] = mems;
+		for (s=mems, i=0; *s; s++)
+			if (*s==',') *s++ = 0, mem[0][++i] = s;
+		mem[0][++i] = 0;
+	} else {
+		mem[0][0] = 0;
+	}
 	gr->gr_mem = *mem;
 	return gr;
 }
-- 
cgit v1.2.1