Fix buffer overflow if NULL line is present in db.

If ptr->line == NULL for an entry, the first cycle will exit, but the second one will happily write past entries buffer. We actually do not want to exit the first cycle prematurely on ptr->line == NULL. Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
shadow-maint · 954e3d2e7113e9ac06632aee3c69b8d818cc8952 · t8m committed Mar 31, 2017 · Mar 31, 2017 · 954e3d2 · setharnold
1 parent 830ae26
commit 954e3d2e7113e9ac06632aee3c69b8d818cc8952
Unified Split

Showing with 4 additions and 4 deletions.

+4 −4 lib/commonio.c
diff --git a/lib/commonio.c b/lib/commonio.c
@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
 	for (ptr = db->head;
 	        (NULL != ptr)
 #if KEEP_NIS_AT_END
-	     && (NULL != ptr->line)
-	     && (   ('+' != ptr->line[0])
-	         && ('-' != ptr->line[0]))
+	     && ((NULL == ptr->line)
+	         || (('+' != ptr->line[0])
+	             && ('-' != ptr->line[0])))
 #endif
 	     ;
 	     ptr = ptr->next) {
 		n++;
 	}
 #if KEEP_NIS_AT_END
-	if ((NULL != ptr) && (NULL != ptr->line)) {
+	if (NULL != ptr) {
 		nis = ptr;
 	}
 #endif