From 164877ec7f0dca2bfd88e78e08581c0a9ff722e4 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Wed, 3 Feb 2010 06:23:31 -0800
Subject: [PATCH 6/8] Fix endless loop with invalid /etc/shells file.
 (cherry picked from commit caa6e77293d85e31dfde371b78862e9330a1478e)

---
 ChangeLog           |    6 ++++++
 misc/getusershell.c |    4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5295d70..f6612ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2010-02-03  Ulrich Drepper  <drepper@redhat.com>
+
+	[BZ #11242]
+	* misc/getusershell.c (initshells): Allocate one more byte in input
+	buffer so that fgets doesn't loop undefinitely.
+
 2010-02-02  Ulrich Drepper  <drepper@redhat.com>
 
 	* stdlib/setenv.c (__add_to_environ): Don't use alloca if
diff --git a/misc/getusershell.c b/misc/getusershell.c
index 636da32..0e4f796 100644
--- a/misc/getusershell.c
+++ b/misc/getusershell.c
@@ -116,7 +116,8 @@ initshells()
 	}
 	if (statb.st_size > ~(size_t)0 / sizeof (char *) * 3)
 		goto init_okshells;
-	if ((strings = malloc(statb.st_size + 2)) == NULL)
+	flen = statb.st_size + 3;
+	if ((strings = malloc(flen)) == NULL)
 		goto init_okshells;
 	shells = malloc(statb.st_size / 3 * sizeof (char *));
 	if (shells == NULL) {
@@ -126,7 +127,6 @@ initshells()
 	}
 	sp = shells;
 	cp = strings;
-	flen = statb.st_size + 2;
 	while (fgets_unlocked(cp, flen - (cp - strings), fp) != NULL) {
 		while (*cp != '#' && *cp != '/' && *cp != '\0')
 			cp++;
-- 
1.7.0