From 1bc404530b870cd6db0c38eca0c8d76b5cb0e796 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Fri, 18 Apr 1997 18:55:16 +0000
Subject: [PATCH] constrain length of db lookups better; reported by
 adam@math.tau.ac.il

---
 lib/libc/gen/getpwent.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/libc/gen/getpwent.c b/lib/libc/gen/getpwent.c
index 7cab9efbccc..12aeeb618e0 100644
--- a/lib/libc/gen/getpwent.c
+++ b/lib/libc/gen/getpwent.c
@@ -33,7 +33,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: getpwent.c,v 1.9 1997/04/13 05:11:07 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: getpwent.c,v 1.10 1997/04/18 18:55:16 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -489,7 +489,7 @@ __has_yppw()
 	len = strlen("+");
 	bcopy("+", bf + 1, MIN(len, UT_NAMESIZE));
 	pkey.data = (u_char *)bf;
-	pkey.size = len + 1;
+	pkey.size = MIN(len, UT_NAMESIZE) + 1;
 
 	if ((_pw_db->get)(_pw_db, &key, &data, 0)
 	    && (_pw_db->get)(_pw_db, &pkey, &pdata, 0))
@@ -699,7 +699,7 @@ pwnam_netgrp:
 	len = strlen(name);
 	bcopy(name, bf + 1, MIN(len, UT_NAMESIZE));
 	key.data = (u_char *)bf;
-	key.size = len + 1;
+	key.size = MIN(len, UT_NAMESIZE) + 1;
 	rval = __hashpw(&key);
 
 	if (!_pw_stayopen) {
-- 
2.20.1