end{pw,sp}ent() can only be called after get{pw,sp}ent()
authorsin <sin@2f30.org>
Fri, 7 Nov 2014 13:20:13 +0000 (13:20 +0000)
committersin <sin@2f30.org>
Sun, 9 Nov 2014 13:10:02 +0000 (13:10 +0000)
Calling them unconditionally can result in memory corruption.

slock.c

diff --git a/slock.c b/slock.c
index 399386b..d281965 100644 (file)
--- a/slock.c
+++ b/slock.c
@@ -73,7 +73,6 @@ getpw(void) { /* only run as root */
                else
                        die("slock: cannot retrieve password entry (make sure to suid or sgid slock)\n");
        }
                else
                        die("slock: cannot retrieve password entry (make sure to suid or sgid slock)\n");
        }
-       endpwent();
        rval =  pw->pw_passwd;
 
 #if HAVE_SHADOW_H
        rval =  pw->pw_passwd;
 
 #if HAVE_SHADOW_H
@@ -82,7 +81,6 @@ getpw(void) { /* only run as root */
                sp = getspnam(getenv("USER"));
                if(!sp)
                        die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
                sp = getspnam(getenv("USER"));
                if(!sp)
                        die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
-               endspent();
                rval = sp->sp_pwdp;
        }
 #endif
                rval = sp->sp_pwdp;
        }
 #endif