Patch for Debian bug #331278

Remove a number of unnecessary string manipulations, including a
strncpy() that was acting on overlapping memory.

Authors: Steve Langasek <vorlon@debian.org>

Upstream status: committed to CVS

Index: pam/Linux-PAM/modules/pam_limits/pam_limits.c
===================================================================
--- pam.orig/Linux-PAM/modules/pam_limits/pam_limits.c
+++ pam/Linux-PAM/modules/pam_limits/pam_limits.c
@@ -492,8 +492,6 @@
     }
 #undef CONF_FILE
 
-    /* init things */
-    memset(buf, 0, sizeof(buf));
     /* start the show */
     while (fgets(buf, LINE_LENGTH, fil) != NULL) {
         char domain[LINE_LENGTH];
@@ -502,46 +500,40 @@
         char value[LINE_LENGTH];
         int i;
         size_t j;
-        char *tptr;
+        char *tptr,*line;
 
-        tptr = buf;
+        line = buf;
         /* skip the leading white space */
-        while (*tptr && isspace(*tptr))
-            tptr++;
-        strncpy(buf, tptr, sizeof(buf)-1);
-	buf[sizeof(buf)-1] = '\0';
+        while (*line && isspace(*line))
+            line++;
 
         /* Rip off the comments */
-        tptr = strchr(buf,'#');
+        tptr = strchr(line,'#');
         if (tptr)
             *tptr = '\0';
         /* Rip off the newline char */
-        tptr = strchr(buf,'\n');
+        tptr = strchr(line,'\n');
         if (tptr)
             *tptr = '\0';
         /* Anything left ? */
-        if (!strlen(buf)) {
-            memset(buf, 0, sizeof(buf));
+        if (!strlen(line))
             continue;
-        }
 
-        memset(domain, 0, sizeof(domain));
-        memset(ltype, 0, sizeof(ltype));
-        memset(item, 0, sizeof(item));
-        memset(value, 0, sizeof(value));
+	domain[0] = ltype[0] = item[0] = value[0] = '\0';
 
-        i = sscanf(buf,"%s%s%s%s", domain, ltype, item, value);
+	i = sscanf(line,"%s%s%s%s", domain, ltype, item, value);
 	D(("scanned line[%d]: domain[%s], ltype[%s], item[%s], value[%s]",
 	   i, domain, ltype, item, value));
 
         for(j=0; j < strlen(ltype); j++)
             ltype[j]=tolower(ltype[j]);
-        for(j=0; j < strlen(item); j++)
-            item[j]=tolower(item[j]);
-        for(j=0; j < strlen(value); j++)
-            value[j]=tolower(value[j]);
 
         if (i == 4) { /* a complete line */
+	    for(j=0; j < strlen(item); j++)
+		item[j]=tolower(item[j]);
+	    for(j=0; j < strlen(value); j++)
+		value[j]=tolower(value[j]);
+
             if (strcmp(uname, domain) == 0) /* this user have a limit */
                 process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl);
             else if (domain[0]=='@' && !pl->root) {
@@ -587,7 +579,7 @@
 		return PAM_IGNORE;
 	    }
         } else {
-            pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", buf);
+            pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line);
 	}
     }
     fclose(fil);