fix crashes in refactored passwd/group code

the wrong condition was used in determining the presence of a result
that needs space/copying for the _r functions. a zero return value
does not necessarily mean success; it can also be a non-error negative
result: no such user/group.

diff --git a/src/passwd/getgr_r.c b/src/passwd/getgr_r.c
index 68b867d88d34dfb08a5eac42680526a365b060f6..7246e8a42d38793917def24e1dcd3f6c8caec85a 100644 (file)
--- a/src/passwd/getgr_r.c
+++ b/src/passwd/getgr_r.c
@@ -16,11 +16,11 @@ static int getgr_r(const char *name, gid_t gid, struct group *gr, char *buf, siz
        pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
 
        rv = __getgr_a(name, gid, gr, &line, &len, &mem, &nmem, res);
-       if (!rv && size < len + (nmem+1)*sizeof(char *) + 32) {
+       if (*res && size < len + (nmem+1)*sizeof(char *) + 32) {
                *res = 0;
                rv = ERANGE;
        }
-       if (!rv) {
+       if (*res) {
                buf += (16-(uintptr_t)buf)%16;
                gr->gr_mem = (void *)buf;
                buf += (nmem+1)*sizeof(char *);

diff --git a/src/passwd/getpw_r.c b/src/passwd/getpw_r.c
index 0e71e43f461c27aa46c8c5fb36495a90b18c6d70..e8cc811e4d898f91c26d05b16b4456fda9d6601b 100644 (file)
--- a/src/passwd/getpw_r.c
+++ b/src/passwd/getpw_r.c
@@ -13,11 +13,11 @@ static int getpw_r(const char *name, uid_t uid, struct passwd *pw, char *buf, si
        pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
 
        rv = __getpw_a(name, uid, pw, &line, &len, res);
-       if (!rv && size < len) {
+       if (*res && size < len) {
                *res = 0;
                rv = ERANGE;
        }
-       if (!rv) {
+       if (*res) {
                memcpy(buf, line, len);
                FIX(name);
                FIX(passwd);