From d73777c2c3566fb2647727bb56d9a2295b81669b Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Fri, 2 Sep 2022 16:12:46 +0200 Subject: [PATCH] Fix #163: unterminated username used with getpwnam() Signed-off-by: Joachim Wiberg [Retrieved (and backported) from: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b] Signed-off-by: Fabrice Fontaine --- src/confuse.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/confuse.c b/src/confuse.c index 6d1fdbd..05566b5 100644 --- a/src/confuse.c +++ b/src/confuse.c @@ -1894,18 +1894,20 @@ DLLIMPORT char *cfg_tilde_expand(const char *filename) passwd = getpwuid(geteuid()); file = filename + 1; } else { - /* ~user or ~user/path */ - char *user; + char *user; /* ~user or ~user/path */ + size_t len; file = strchr(filename, '/'); if (file == 0) file = filename + strlen(filename); - user = malloc(file - filename); + len = file - filename - 1; + user = malloc(len + 1); if (!user) return NULL; - strncpy(user, filename + 1, file - filename - 1); + strncpy(user, &filename[1], len); + user[len] = 0; passwd = getpwnam(user); free(user); }