File confuse-2.8-cfg_tilde_expand_overread.patch of Package libconfuse0.25880

--- confuse-2.8/src/confuse.c	2022/09/12 09:09:30	1.1
+++ confuse-2.8/src/confuse.c	2022/09/12 09:16:08
@@ -1268,14 +1268,20 @@
         }
         else
         {
-            /* ~user or ~user/path */
-            char *user;
+            char *user; /* ~user or ~user/path */
+	    size_t len;
 
             file = strchr(filename, '/');
-            if(file == 0)
+            if(file == NULL)
                 file = filename + strlen(filename);
-            user = malloc(file - filename);
-            strncpy(user, filename + 1, file - filename - 1);
+
+            len = file - filename - 1;
+            user = malloc(len + 1);
+            if (!user)
+                return NULL;
+
+            strncpy(user, &filename[1], len);
+            user[len] = 0;
             passwd = getpwnam(user);
             free(user);
         }

Places

File confuse-2.8-cfg_tilde_expand_overread.patch of Package libconfuse0.25880

Places