Relevant BUGIDs: Debian bug #331278

Purpose of commit: bugfix/cleanup

Commit summary:
---------------
2007-09-03  Steve Langasek  <vorlon@debian.org>

        * modules/pam_limits/pam_limits.c: remove a number of unnecessary
        string manipulations, including a strncpy() that was acting on
        overlapping memory.

diff --git a/ChangeLog b/ChangeLog
index 841b028f6076ebda34f579582c6bcf28579d9043..a83809c87b39a057f858736cf5d00693f6f89efb 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2007-09-03  Steve Langasek  <vorlon@debian.org>
 
+       * modules/pam_limits/pam_limits.c: remove a number of unnecessary
+       string manipulations, including a strncpy() that was acting on
+       overlapping memory.
+
        * libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's
        perfectly valid to allow the user to interrupt at a prompt.  If
        an application wants prompts to not be interruptable, the

diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 961a7ad05f484cbd98dbfaa2319b861116837aaf..d65e64bfe9f35fe4fe0e03a33c3278945eb325a0 100644 (file)
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -465,8 +465,6 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl,
         return PAM_SERVICE_ERR;
     }
 
-    /* init things */
-    memset(buf, 0, sizeof(buf));
     /* start the show */
     while (fgets(buf, LINE_LENGTH, fil) != NULL) {
         char domain[LINE_LENGTH];
@@ -475,46 +473,40 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl,
         char value[LINE_LENGTH];
         int i;
         size_t j;
-        char *tptr;
+        char *tptr,*line;
 
-        tptr = buf;
+        line = buf;
         /* skip the leading white space */
-        while (*tptr && isspace(*tptr))
-            tptr++;
-        strncpy(buf, tptr, sizeof(buf)-1);
-       buf[sizeof(buf)-1] = '\0';
+        while (*line && isspace(*line))
+            line++;
 
         /* Rip off the comments */
-        tptr = strchr(buf,'#');
+        tptr = strchr(line,'#');
         if (tptr)
             *tptr = '\0';
         /* Rip off the newline char */
-        tptr = strchr(buf,'\n');
+        tptr = strchr(line,'\n');
         if (tptr)
             *tptr = '\0';
         /* Anything left ? */
-        if (!strlen(buf)) {
-            memset(buf, 0, sizeof(buf));
+        if (!strlen(line))
             continue;
-        }
 
-        memset(domain, 0, sizeof(domain));
-        memset(ltype, 0, sizeof(ltype));
-        memset(item, 0, sizeof(item));
-        memset(value, 0, sizeof(value));
+       domain[0] = ltype[0] = item[0] = value[0] = '\0';
 
-        i = sscanf(buf,"%s%s%s%s", domain, ltype, item, value);
+       i = sscanf(line,"%s%s%s%s", domain, ltype, item, value);
        D(("scanned line[%d]: domain[%s], ltype[%s], item[%s], value[%s]",
           i, domain, ltype, item, value));
 
         for(j=0; j < strlen(ltype); j++)
             ltype[j]=tolower(ltype[j]);
-        for(j=0; j < strlen(item); j++)
-            item[j]=tolower(item[j]);
-        for(j=0; j < strlen(value); j++)
-            value[j]=tolower(value[j]);
 
         if (i == 4) { /* a complete line */
+           for(j=0; j < strlen(item); j++)
+               item[j]=tolower(item[j]);
+           for(j=0; j < strlen(value); j++)
+               value[j]=tolower(value[j]);
+
             if (strcmp(uname, domain) == 0) /* this user have a limit */
                 process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl);
             else if (domain[0]=='@') {
@@ -560,7 +552,7 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl,
                return PAM_IGNORE;
            }
         } else {
-            pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", buf);
+            pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line);
        }
     }
     fclose(fil);