This is the mail archive of the libc-hacker@sourceware.org mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Hi!

If /etc/shells ends with an empty line, initshells ends with an endless loop (because fgets with length 1 always succeeds, doesn't need to read anything from the file, just stores '\0'). In addition to this, if /etc/shells contains e.g. / / / / / / / / then setusershell (); endusershell (); causes heap corruption.

I'm attaching two patches, some fixes are common to both patches, but they differ in how the endless loop with empty newline at end is solved. P3 adds an extra condition to the loop, P5 increases the strings buffer by one byte, so that fgets itself cures this.

I have also coded up a third solution: as we never shrink the strings buffer, we might as well just fread the whole file into the strings buffer and instead of fgets simply look for '\n's in it. While that is a tiny bit more efficient, it compiled into bigger code (on x86-64) and I believe for this type of functions smaller code is better code.

Jakub
Attachment:
P3
Description: Text document
Attachment:
P5
Description: Text document
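The fgets behaviour described in the message, as an added example that is not part of the original message, the attached patches, or glibc. The function pack_lines, its guard parameter, the call cap and the sample input are assumptions made for illustration: it is a simplified model of a loop that packs lines into a buffer sized from the file length, and the guard is only one possible form of an extra loop condition.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a line-packing loop, NOT glibc's initshells().
   Non-empty lines of `content` are stored back to back in a buffer of
   exactly strlen(content) bytes, as a parser sized from st_size would.
   Returns the number of fgets() calls made; a return equal to max_calls
   means the loop stopped making progress and was cut off.
   guard != 0 adds a hypothetical "room > 1" loop condition. */
static int pack_lines(const char *content, int guard, int max_calls)
{
    size_t flen = strlen(content);
    char *strings = malloc(flen + 1);   /* +1 only so malloc(0) never happens */
    FILE *fp = tmpfile();
    int calls = 0;

    if (strings == NULL || fp == NULL) {
        free(strings);
        if (fp != NULL)
            fclose(fp);
        return -1;
    }
    fwrite(content, 1, flen, fp);
    rewind(fp);

    char *cp = strings;
    while (calls < max_calls) {
        int room = (int)flen - (int)(cp - strings);
        if (room <= 0 || (guard && room == 1))
            break;                      /* nothing but a NUL would fit */
        calls++;
        if (fgets(cp, room, fp) == NULL)
            break;                      /* end of file or read error */
        cp[strcspn(cp, "\n")] = '\0';   /* drop the newline, if one was read */
        if (*cp != '\0')
            cp += strlen(cp) + 1;       /* keep entry; empty lines are overwritten */
    }
    fclose(fp);
    free(strings);
    return calls;
}

int main(void)
{
    const char *sample = "/bin/sh\n\n"; /* constructed input ending in an empty line */
    printf("unguarded: %d calls (cap 1000)\n", pack_lines(sample, 0, 1000));
    printf("guarded:   %d calls\n", pack_lines(sample, 1, 1000));
    return 0;
}
```

Without the guard, the one byte of room left after the first entry makes every further fgets call succeed while the trailing newline stays unread, so only the call cap ends the loop.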