getmntent: fix memory corruption w/blank lines [BZ #18887]

The fix for BZ #17273 introduced a single byte of memory corruption when
the line is entirely blank.  It would walk back past the start of the
buffer if the heap happened to be 0x20 or 0x09 and then write a NUL byte.
	buffer = '\n';
	end_ptr = buffer;
	while (end_ptr[-1] == ' ' || end_ptr[-1] == '\t')
		end_ptr--;
	*end_ptr = '\0';

Fix that and rework the tests.  Adding the testcase for BZ #17273 to the
existing \040 parser does not really make sense as it's unrelated, and
leads to confusing behavior: it implicitly relies on the new entry being
longer than the previous entry (since it just rewinds the FILE*).  Split
it out into its own dedicated testcase instead.

(cherry picked from commit b0e805fa0d6fea33745952df7b7f5442ca4c374f)

1 files changed, 10 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 8230149d4a..f3027b02cd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2015-08-28  Mike Frysinger  <vapier@gentoo.org>
+
+	[BZ #18887]
+	* misc/Makefile (tests): Add tst-mntent-blank-corrupt and
+	tst-mntent-blank-passno.
+	* misc/mntent_r.c (__getmntent_r): Do not read past buffer[0].
+	* misc/tst-mntent-blank-corrupt.c: New test.
+	* misc/tst-mntent-blank-passno.c: New test ripped from ...
+	* misc/tst-mntent.c (do_test): ... here.
+
 2015-08-25  Roland McGrath  <roland@hack.frob.com>
 
 	* sysdeps/nacl/start.c (_start): Call __nacl_main instead of main