[src/netbsd-1-5]: src/lib/libc/gen Pull up rev 1.47 (approved by thorpej):

[simonb <simonb%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/9f92a44cb0fe
branches:  netbsd-1-5
changeset: 489644:9f92a44cb0fe
user:      simonb <simonb%NetBSD.org@localhost>
date:      Mon Oct 02 20:11:25 2000 +0000

description:
Pull up rev 1.47 (approved by thorpej):
  Fix potential buffer overflow processing long password database entries.
  Inspired by similar OpenBSD change.

diffstat:

 lib/libc/gen/getpwent.c |  17 ++++++++++++-----
 1 files changed, 12 insertions(+), 5 deletions(-)

diffs (45 lines):

diff -r c70745c78390 -r 9f92a44cb0fe lib/libc/gen/getpwent.c
--- a/lib/libc/gen/getpwent.c   Mon Oct 02 17:21:27 2000 +0000
+++ b/lib/libc/gen/getpwent.c   Mon Oct 02 20:11:25 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: getpwent.c,v 1.46 2000/01/22 22:19:11 mycroft Exp $    */
+/*     $NetBSD: getpwent.c,v 1.46.4.1 2000/10/02 20:11:25 simonb Exp $ */
 
 /*
  * Copyright (c) 1988, 1993
@@ -39,7 +39,7 @@
 #if 0
 static char sccsid[] = "@(#)getpwent.c 8.2 (Berkeley) 4/27/95";
 #else
-__RCSID("$NetBSD: getpwent.c,v 1.46 2000/01/22 22:19:11 mycroft Exp $");
+__RCSID("$NetBSD: getpwent.c,v 1.46.4.1 2000/10/02 20:11:25 simonb Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -1166,7 +1166,7 @@
 __hashpw(key)
        DBT *key;
 {
-       char *p, *t;
+       char *p, *t, *oldbuf;
        static u_int max;
        static char *buf;
        DBT data;
@@ -1185,8 +1185,15 @@
        }
 
        p = (char *)data.data;
-       if (data.size > max && !(buf = realloc(buf, (max += 1024))))
-               return NS_UNAVAIL;
+       if (data.size > max) {
+               max = roundup(data.size, 1024);
+               oldbuf = buf;
+               if ((buf = realloc(buf, max)) == NULL) {
+                       if (oldbuf != NULL)
+                               free(oldbuf);
+                       return NS_UNAVAIL;
+               }
+       }
 
        /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
        t = buf;