From 929686ba6a01168aee43cb3b854d24133f4ef38e Mon Sep 17 00:00:00 2001
From: Eric Andersen
Date: Sat, 13 Apr 2002 15:13:59 +0000
Subject: Patch from Jim Treadway : The internal __getgrent function doesn't allocate enough memory to hold the trailing NULL pointer in the gr_mem member of the returned 'struct group *'.
---
 libc/pwd_grp/__getgrent.c | 28 +++++++++-------------------
 1 file changed, 9 insertions(+), 19 deletions(-)
(limited to 'libc/pwd_grp')
diff --git a/libc/pwd_grp/__getgrent.c b/libc/pwd_grp/__getgrent.c
index d1bf8e61e..2da45973f 100644
--- a/libc/pwd_grp/__getgrent.c
+++ b/libc/pwd_grp/__getgrent.c
@@ -145,26 +145,16 @@ struct group *__getgrent(int grp_fd)
 }
 #else /* !GR_SCALE_DYNAMIC */
 if (members != NULL)
- free(members);
- members = (char **) malloc(1 * sizeof(char *));
-
- while ((ptr = strchr(ptr, ',')) != NULL) {
- *ptr = '\0';
- ptr++;
- members[member_num] = field_begin;
- field_begin = ptr;
- member_num++;
- members =
- (char **) realloc((void *) members,
-
- (member_num + 1) * sizeof(char *));
- }
- if (*field_begin == '\0')
- members[member_num] = NULL;
- else {
- members[member_num] = field_begin;
- members[member_num + 1] = NULL;
+ free(members);
+ members = (char **) malloc((member_num + 1) * sizeof(char *));
+ for ( ; field_begin && *field_begin != '\0'; field_begin = ptr) {
+ if ((ptr = strchr(field_begin, ',')) != NULL)
+ *ptr++ = '\0';
+ members[member_num++] = field_begin;
+ members = (char **) realloc(members,
+ (member_num + 1) * sizeof(char *));
 }
+ members[member_num] = NULL;
 #endif /* GR_SCALE_DYNAMIC */
 group.gr_mem = members;
-- cgit v1.2.3
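Review bot: Neither the `malloc` nor the `realloc` result in the new `!GR_SCALE_DYNAMIC` branch is checked, and `members = realloc(members, ...)` overwrites the only pointer to the old block, so an allocation failure leaks it and the next store through `members[member_num]` writes through NULL. Because this code parses group-file content inside libc, every caller inherits that crash under memory pressure. Check both results, grow through a temporary, and on failure free and clear `members` before returning; the `if (members != NULL) free(members)` at the top suggests `members` persists across calls, so clearing it also avoids a double free on the next call. The error return below assumes `__getgrent` reports failure with NULL, and the function starts and ends outside the hunk, so confirm both against the full file.

```c
members = (char **) malloc((member_num + 1) * sizeof(char *));
if (members == NULL)
	return NULL;	/* assumed error return; confirm against the rest of __getgrent */
for ( ; field_begin && *field_begin != '\0'; field_begin = ptr) {
	char **grown;

	/* … unchanged: split at ',' and store field_begin in members[member_num++] … */
	grown = (char **) realloc(members, (member_num + 1) * sizeof(char *));
	if (grown == NULL) {
		free(members);
		members = NULL;	/* keep the next call from freeing it again */
		return NULL;
	}
	members = grown;
}
/* … unchanged: members[member_num] = NULL; … */
```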