From 3fd498242948b1fa944c56646ec9b156387dd310 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Mon, 23 Jun 2014 10:24:45 +0200 Subject: Don't ignore too long lines in nss_files (BZ #17079) (cherry picked from commit ac60763eac3d43b7234dd21286ad3ec3f17957fc) Conflicts: ChangeLog NEWS --- ChangeLog | 6 ++++++ NEWS | 4 ++-- nss/nss_files/files-XXX.c | 4 +++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6aff2a266b..815acf08dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2014-06-23 Andreas Schwab + + [BZ #17079] + * nss/nss_files/files-XXX.c (get_contents): Store overflow marker + before reading the next line. + 2015-10-02 Andreas Schwab * sysdeps/posix/getaddrinfo.c (gaih_inet): Advance address pointer diff --git a/NEWS b/NEWS index fb0fa3cd47..ed33f47750 100644 --- a/NEWS +++ b/NEWS @@ -10,8 +10,8 @@ Version 2.19.1 * The following bugs are resolved with this release: 15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885, - 16916, 16932, 16943, 16958, 17048, 17069, 17137, 17153, 17213, 17263, - 17325, 17555, 18287. + 16916, 16932, 16943, 16958, 17048, 17069, 17079, 17137, 17153, 17213, + 17263, 17325, 17555, 18287. * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a diff --git a/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c index 36242f9d44..d4cd95e26c 100644 --- a/nss/nss_files/files-XXX.c +++ b/nss/nss_files/files-XXX.c @@ -198,10 +198,12 @@ get_contents (char *linebuf, size_t len, FILE *stream) { int curlen = ((remaining_len > (size_t) INT_MAX) ? INT_MAX : remaining_len); - char *p = fgets_unlocked (curbuf, curlen, stream); + /* Terminate the line so that we can test for overflow. */ ((unsigned char *) curbuf)[curlen - 1] = 0xff; + char *p = fgets_unlocked (curbuf, curlen, stream); + /* EOF or read error. */ if (p == NULL) return gcr_error; -- cgit 1.4.1