From 6aef5e591f3fa1ceeedb22273d2fe04298b6e3fb Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 30 Nov 2009 21:48:33 +0100 Subject: Fix bug 6546: Avoid accessing buf[-1] if NUL byte comes from fgets --- source3/utils/eventlogadm.c | 5 ++++- source3/utils/net_rpc.c | 3 ++- source3/utils/smbget.c | 4 +++- source4/torture/nbench/nbench.c | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/source3/utils/eventlogadm.c b/source3/utils/eventlogadm.c index 7fc04b008e..415330f68c 100644 --- a/source3/utils/eventlogadm.c +++ b/source3/utils/eventlogadm.c @@ -118,7 +118,10 @@ static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename if (fgets( linein, sizeof( linein ) - 1, f1 ) == NULL) { break; } - linein[strlen( linein ) - 1] = 0; /* whack the line delimiter */ + if ((strlen(linein) > 0) + && (linein[strlen(linein)-1] == '\n')) { + linein[strlen(linein)-1] = 0; + } if ( debugflag ) printf( "Read line [%s]\n", linein ); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index fdb11f33a0..5b3b1e34d7 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -4262,8 +4262,9 @@ static bool get_user_tokens_from_file(FILE *f, return true; } - if (line[strlen(line)-1] == '\n') + if ((strlen(line) > 0) && (line[strlen(line)-1] == '\n')) { line[strlen(line)-1] = '\0'; + } if (line[0] == ' ') { /* We have a SID */ diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c index b7d56cdcba..15fe1fd70a 100644 --- a/source3/utils/smbget.c +++ b/source3/utils/smbget.c @@ -94,7 +94,9 @@ static void get_auth_data(const char *srv, const char *shr, char *wg, int wglen, if (fgets(tmp, sizeof(tmp), stdin) == NULL) { return; } - if(tmp[strlen(tmp)-1] == '\n')tmp[strlen(tmp)-1] = '\0'; + if ((strlen(tmp) > 0) && (tmp[strlen(tmp)-1] == '\n')) { + tmp[strlen(tmp)-1] = '\0'; + } strncpy(un, tmp, unlen-1); } else if(username) strncpy(un, username, unlen-1); diff --git a/source4/torture/nbench/nbench.c b/source4/torture/nbench/nbench.c index 5a4037f906..05c889d1b7 100644 --- a/source4/torture/nbench/nbench.c +++ b/source4/torture/nbench/nbench.c @@ -95,7 +95,9 @@ again: nbench_line_count++; - line[strlen(line)-1] = 0; + if ((strlen(line) > 0) && line[strlen(line)-1] == '\n') { + line[strlen(line)-1] = 0; + } all_string_sub(line,"client1", cname, sizeof(line)); -- cgit