libpam: avoid endless loop on long config line

An endless loop with fgets can be triggered if exactly one free byte is left in buffer, because fgets will fill this byte with \0 without reading any further data from file. This requires an invalid system configuration. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
author: Tobias Stoeckmann <tobias@stoeckmann.org> 2023-11-10 23:51:19 +0100
committer: Dmitry V. Levin <github.dl@altlinux.org> 2023-11-12 16:53:22 +0000
commit: 67e8f426ec7123eb50f3f8f907811a6f0d4e161a (patch)
tree: 87214ae7414a31c2572ed3d8d0c939d3ce8db588 /libpam/pam_handlers.c
parent: 9952e5fb5cce0e9d040729edfbc296b26b66b49a (diff)
download: pam-67e8f426ec7123eb50f3f8f907811a6f0d4e161a.tar.gz
pam-67e8f426ec7123eb50f3f8f907811a6f0d4e161a.tar.bz2
pam-67e8f426ec7123eb50f3f8f907811a6f0d4e161a.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c
index 1f1917b5..d8393044 100644
--- a/libpam/pam_handlers.c
+++ b/libpam/pam_handlers.c
@@ -575,7 +575,7 @@ static int _pam_assemble_line(FILE *f, char *buffer, int buf_len)
 
     D(("called."));
     for (;;) {
-	if (p >= endp) {
+	if (p >= endp - 1) {
 	    /* Overflow */
 	    D(("_pam_assemble_line: overflow"));
 	    return -1;
author	Tobias Stoeckmann <tobias@stoeckmann.org>	2023-11-10 23:51:19 +0100
committer	Dmitry V. Levin <github.dl@altlinux.org>	2023-11-12 16:53:22 +0000
commit	67e8f426ec7123eb50f3f8f907811a6f0d4e161a (patch)
tree	87214ae7414a31c2572ed3d8d0c939d3ce8db588 /libpam/pam_handlers.c
parent	9952e5fb5cce0e9d040729edfbc296b26b66b49a (diff)
download	pam-67e8f426ec7123eb50f3f8f907811a6f0d4e161a.tar.gz pam-67e8f426ec7123eb50f3f8f907811a6f0d4e161a.tar.bz2 pam-67e8f426ec7123eb50f3f8f907811a6f0d4e161a.zip