2 files changed, 19 insertions, 23 deletions

diff --git a/ChangeLog b/ChangeLog
index 841b028f..a83809c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2007-09-03  Steve Langasek  <vorlon@debian.org>
 
+	* modules/pam_limits/pam_limits.c: remove a number of unnecessary
+	string manipulations, including a strncpy() that was acting on
+	overlapping memory.
+
 	* libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's
 	perfectly valid to allow the user to interrupt at a prompt.  If
 	an application wants prompts to not be interruptable, the
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 961a7ad0..d65e64bf 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -465,8 +465,6 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl,
         return PAM_SERVICE_ERR;
     }
 
-    /* init things */
-    memset(buf, 0, sizeof(buf));
     /* start the show */
     while (fgets(buf, LINE_LENGTH, fil) != NULL) {
         char domain[LINE_LENGTH];
@@ -475,46 +473,40 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl,
         char value[LINE_LENGTH];
         int i;
         size_t j;
-        char *tptr;
+        char *tptr,*line;
 
-        tptr = buf;
+        line = buf;
         /* skip the leading white space */
-        while (*tptr && isspace(*tptr))
-            tptr++;
-        strncpy(buf, tptr, sizeof(buf)-1);
-	buf[sizeof(buf)-1] = '\0';
+        while (*line && isspace(*line))
+            line++;
 
         /* Rip off the comments */
-        tptr = strchr(buf,'#');
+        tptr = strchr(line,'#');
         if (tptr)
             *tptr = '\0';
         /* Rip off the newline char */
-        tptr = strchr(buf,'\n');
+        tptr = strchr(line,'\n');
         if (tptr)
             *tptr = '\0';
         /* Anything left ? */
-        if (!strlen(buf)) {
-            memset(buf, 0, sizeof(buf));
+        if (!strlen(line))
             continue;
-        }
 
-        memset(domain, 0, sizeof(domain));
-        memset(ltype, 0, sizeof(ltype));
-        memset(item, 0, sizeof(item));
-        memset(value, 0, sizeof(value));
+	domain[0] = ltype[0] = item[0] = value[0] = '\0';
 
-        i = sscanf(buf,"%s%s%s%s", domain, ltype, item, value);
+	i = sscanf(line,"%s%s%s%s", domain, ltype, item, value);
 	D(("scanned line[%d]: domain[%s], ltype[%s], item[%s], value[%s]",
 	   i, domain, ltype, item, value));
 
         for(j=0; j < strlen(ltype); j++)
             ltype[j]=tolower(ltype[j]);
-        for(j=0; j < strlen(item); j++)
-            item[j]=tolower(item[j]);
-        for(j=0; j < strlen(value); j++)
-            value[j]=tolower(value[j]);
 
         if (i == 4) { /* a complete line */
+	    for(j=0; j < strlen(item); j++)
+		item[j]=tolower(item[j]);
+	    for(j=0; j < strlen(value); j++)
+		value[j]=tolower(value[j]);
+
             if (strcmp(uname, domain) == 0) /* this user have a limit */
                 process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl);
             else if (domain[0]=='@') {
@@ -560,7 +552,7 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl,
 		return PAM_IGNORE;
 	    }
         } else {
-            pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", buf);
+            pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line);
 	}
     }
     fclose(fil);