This is the mail archive of the
cygwin-cvs@cygwin.com
mailing list for the Cygwin project.
[newlib-cygwin] passwd: Fix potential buffer overflow
- From: Corinna Vinschen <corinna at sourceware dot org>
- To: cygwin-cvs at sourceware dot org
- Date: 24 Oct 2016 09:24:57 -0000
- Subject: [newlib-cygwin] passwd: Fix potential buffer overflow
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=79edb254aca9631fd1e83ac4fdfa27acdf564244
commit 79edb254aca9631fd1e83ac4fdfa27acdf564244
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Sun Oct 23 17:16:30 2016 +0200
passwd: Fix potential buffer overflow
Fixes Coverity CID 66956
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/utils/passwd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/winsup/utils/passwd.c b/winsup/utils/passwd.c
index 8d91838..aa8e8cc 100644
--- a/winsup/utils/passwd.c
+++ b/winsup/utils/passwd.c
@@ -592,7 +592,8 @@ main (int argc, char **argv)
return SetModals (xarg, narg, iarg, Larg, server);
}
- strcpy (user, optind >= argc ? getlogin () : argv[optind]);
+ user[0] = '\0';
+ strncat (user, optind >= argc ? getlogin () : argv[optind], UNLEN);
/* Changing password for calling user? Use logonserver for user as well. */
if (!server && optind >= argc)