2 files changed, 7 insertions, 4 deletions

diff --git a/CHANGELOG b/CHANGELOG
index fab19863..3fd82275 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -49,6 +49,8 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc
       patches!
 
+* pam_access fixes - looks out for trailing '.' - from Carlo Marcelo
+  Arenas Belon (Bug 419631 - agmorgan)
 * don't zero out password strings during pam_unix's password changing
   function (Bug 419803 - vorlon)
 * propagate some definitions to the _pam_aconf.h file - from David Lee
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 87ad708d..33bf767f 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -345,8 +345,9 @@ static int from_match(char *tok, struct login_info *item)
            by "string" starts from "tok".
                                1998/01/27  Andrey V. Savochkin <saw@msu.ru>
          */
+
         struct hostent *h;
-        char hn[3+1+3+1+3+1+3+1];
+        char hn[3+1+3+1+3+1+3+1+1];
         int r;
 
         h = gethostbyname(string);
@@ -356,9 +357,9 @@ static int from_match(char *tok, struct login_info *item)
 	    return (NO);
         if (h->h_length != 4)
 	    return (NO); /* only IPv4 addresses (SAW) */
-        r = snprintf(hn, sizeof(hn), "%u.%u.%u.%u",
-                (unsigned char)h->h_addr[0], (unsigned char)h->h_addr[1],
-                (unsigned char)h->h_addr[2], (unsigned char)h->h_addr[3]);
+        r = snprintf(hn, sizeof(hn), "%u.%u.%u.%u.",
+		     (unsigned char)h->h_addr[0], (unsigned char)h->h_addr[1],
+		     (unsigned char)h->h_addr[2], (unsigned char)h->h_addr[3]);
         if (r < 0 || r >= sizeof(hn))
 	    return (NO);
         if (!strncmp(tok, hn, tok_len))