[hackers] [slock] end{pw,sp}ent() can only be called after get{pw,sp}ent() || sin

From: <git_AT_suckless.org>
Date: Sun, 09 Nov 2014 14:10:18 +0100

commit 4339b507af01421e2deab63ca9ac3c5bdae5f4cc
Author: sin <sin_AT_2f30.org>
Date: Fri Nov 7 13:20:13 2014 +0000

    end{pw,sp}ent() can only be called after get{pw,sp}ent()
    
    Calling them unconditionally can result in memory corruption.

diff --git a/slock.c b/slock.c
index 399386b..d281965 100644
--- a/slock.c
+++ b/slock.c
_AT_@ -73,7 +73,6 @@ getpw(void) { /* only run as root */
                 else
                         die("slock: cannot retrieve password entry (make sure to suid or sgid slock)\n");
         }
- endpwent();
         rval = pw->pw_passwd;
 
 #if HAVE_SHADOW_H
_AT_@ -82,7 +81,6 @@ getpw(void) { /* only run as root */
                 sp = getspnam(getenv("USER"));
                 if(!sp)
                         die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
- endspent();
                 rval = sp->sp_pwdp;
         }
 #endif
Received on Sun Nov 09 2014 - 14:10:18 CET