Fix buffer overflow if NULL line is present in db.

If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>

diff --git a/lib/commonio.c b/lib/commonio.c
index b10da06a2e091b0780716b2c967757d02cc4a06a..31edbaaf31b918205a811a7e5c13b2f8d281d375 100644 (file)
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
        for (ptr = db->head;
                (NULL != ptr)
 #if KEEP_NIS_AT_END
-            && (NULL != ptr->line)
-            && (   ('+' != ptr->line[0])
-                && ('-' != ptr->line[0]))
+            && ((NULL == ptr->line)
+                || (('+' != ptr->line[0])
+                    && ('-' != ptr->line[0])))
 #endif
             ;
             ptr = ptr->next) {
                n++;
        }
 #if KEEP_NIS_AT_END
-       if ((NULL != ptr) && (NULL != ptr->line)) {
+       if (NULL != ptr) {
                nis = ptr;
        }
 #endif