about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--src/passwd/getspnam_r.c69
-rw-r--r--src/passwd/pwf.h2
2 files changed, 40 insertions, 31 deletions
diff --git a/src/passwd/getspnam_r.c b/src/passwd/getspnam_r.c
index f4d7b35e..15f8c87b 100644
--- a/src/passwd/getspnam_r.c
+++ b/src/passwd/getspnam_r.c
@@ -12,9 +12,45 @@
  * file. It also avoids any allocation to prevent memory-exhaustion
  * attacks via huge TCB shadow files. */
 
-static long xatol(const char *s)
+static long xatol(char **s)
 {
-	return isdigit(*s) ? atol(s) : -1;
+	long x;
+	if (**s == ':' || **s == '\n') return -1;
+	for (x=0; **s-'0'<10U; ++*s) x=10*x+(**s-'0');
+	return x;
+}
+
+int __parsespent(char *s, struct spwd *sp)
+{
+	sp->sp_namp = s;
+	if (!(s = strchr(s, ':'))) return -1;
+	*s = 0;
+
+	sp->sp_pwdp = ++s;
+	if (!(s = strchr(s, ':'))) return -1;
+	*s = 0;
+
+	s++; sp->sp_lstchg = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_min = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_max = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_warn = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_inact = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_expire = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_flag = xatol(&s);
+	if (*s != '\n') return -1;
+	return 0;
 }
 
 static void cleanup(void *p)
@@ -29,7 +65,6 @@ int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct
 	int rv = 0;
 	int fd;
 	size_t k, l = strlen(name);
-	char *s;
 	int skip = 0;
 	int cs;
 
@@ -71,34 +106,8 @@ int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct
 			rv = ERANGE;
 			break;
 		}
-		buf[k-1] = 0;
-
-		s = buf;
-		sp->sp_namp = s;
-		if (!(s = strchr(s, ':'))) continue;
-
-		*s++ = 0; sp->sp_pwdp = s;
-		if (!(s = strchr(s, ':'))) continue;
-
-		*s++ = 0; sp->sp_lstchg = xatol(s);
-		if (!(s = strchr(s, ':'))) continue;
-
-		*s++ = 0; sp->sp_min = xatol(s);
-		if (!(s = strchr(s, ':'))) continue;
-
-		*s++ = 0; sp->sp_max = xatol(s);
-		if (!(s = strchr(s, ':'))) continue;
-
-		*s++ = 0; sp->sp_warn = xatol(s);
-		if (!(s = strchr(s, ':'))) continue;
-
-		*s++ = 0; sp->sp_inact = xatol(s);
-		if (!(s = strchr(s, ':'))) continue;
-
-		*s++ = 0; sp->sp_expire = xatol(s);
-		if (!(s = strchr(s, ':'))) continue;
 
-		*s++ = 0; sp->sp_flag = xatol(s);
+		if (__parsespent(buf, sp) < 0) continue;
 		*res = sp;
 		break;
 	}
diff --git a/src/passwd/pwf.h b/src/passwd/pwf.h
index 0a76ef80..2d813ada 100644
--- a/src/passwd/pwf.h
+++ b/src/passwd/pwf.h
@@ -9,5 +9,5 @@
 #include "libc.h"
 
 struct passwd *__getpwent_a(FILE *f, struct passwd *pw, char **line, size_t *size);
-struct spwd *__getspent_a(FILE *f, struct spwd *sp, char **line, size_t *size);
 struct group *__getgrent_a(FILE *f, struct group *gr, char **line, size_t *size, char ***mem, size_t *nmem);
+int __parsespent(char *s, struct spwd *sp);