From c7e74e5968929264fca40424f979653115643f5d Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Thu, 23 Apr 2009 19:15:11 +0000
Subject: [PATCH] * shadow/sgetspent_r.c (__sgetspent_r): Recognize too small
 buffers.

---
 ChangeLog            |  2 ++
 NEWS                 |  5 ++++-
 shadow/sgetspent_r.c | 10 +++++++---
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b961433ba0..f510a30f1b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2009-04-23  Ulrich Drepper  <drepper@redhat.com>
 
+	* shadow/sgetspent_r.c (__sgetspent_r): Recognize too small buffers.
+
 	* shadow/Makefile (tests): Add tst-shadow.
 	* shadow/tst-shadow.c: New file.
 
diff --git a/NEWS b/NEWS
index d7e52f8982..411c2c3bc8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-GNU C Library NEWS -- history of user-visible changes.  2009-4-13
+GNU C Library NEWS -- history of user-visible changes.  2009-4-23
 Copyright (C) 1992-2008, 2009 Free Software Foundation, Inc.
 See the end for copying conditions.
 
@@ -44,6 +44,9 @@ Version 2.10
   and extend existing format specifiers.
   Implemented by Ulrich Drepper.
 
+* Handling for group shadow files has been added.
+  Implemented by Ulrich Drepper.
+
 
 Version 2.9
 
diff --git a/shadow/sgetspent_r.c b/shadow/sgetspent_r.c
index 2ed350a1ad..5599ee4ec8 100644
--- a/shadow/sgetspent_r.c
+++ b/shadow/sgetspent_r.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996, 1997, 1998, 2005 Free Software Foundation, Inc.
+/* Copyright (C) 1996, 1997, 1998, 2005, 2009 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -91,8 +91,12 @@ int
 __sgetspent_r (const char *string, struct spwd *resbuf, char *buffer,
 	       size_t buflen, struct spwd **result)
 {
-  int parse_result = parse_line (strncpy (buffer, string, buflen),
-				 resbuf, NULL, 0, &errno);
+  buffer[buflen - 1] = '\0';
+  char *sp = strncpy (buffer, string, buflen);
+  if (buffer[buflen - 1] != '\0')
+    return ERANGE;
+
+  int parse_result = parse_line (sp, resbuf, NULL, 0, &errno);
   *result = parse_result > 0 ? resbuf : NULL;
 
   return *result == NULL ? errno : 0;
-- 
2.11.4.GIT