libbb: fix fallout from nth_string() robustification, closes 14726

function                                             old     new   delta
parse_common                                         187     228     +41

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 13 insertions, 1 deletions

diff --git a/libpwdgrp/pwd_grp.c b/libpwdgrp/pwd_grp.c
index b44ada432..10debbcdb 100644
--- a/libpwdgrp/pwd_grp.c
+++ b/libpwdgrp/pwd_grp.c
@@ -191,6 +191,9 @@ static char *parse_common(FILE *fp, struct passdb *db,
         char *buf;
 
         while ((buf = xmalloc_fgetline(fp)) != NULL) {
+                int n;
+                char *field;
+
                 /* Skip empty lines, comment lines */
                 if (buf[0] == '\0' || buf[0] == '#')
                         goto free_and_next;
@@ -204,7 +207,16 @@ static char *parse_common(FILE *fp, struct passdb *db,
                         /* no key specified: sequential read, return a record */
                         break;
                 }
-                if (strcmp(key, nth_string(buf, field_pos)) == 0) {
+                /* Can't use nth_string() here, it does not allow empty strings
+                 * ("\0\0" terminates the list), and a valid passwd entry
+                 * "user::UID:GID..." would be mishandled */
+                n = field_pos;
+                field = buf;
+                while (n) {
+                        n--;
+                        field += strlen(field) + 1;
+                }
+                if (strcmp(key, field) == 0) {
                         /* record found */
                         break;
                 }