From e3df925e48b3bf502133a4dd781148ba9a22cdca Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Mon, 13 Apr 2020 11:56:53 +0200
Subject: [PATCH] LibC: Fix strncpy() overflow in /etc/passwd parsing

---
 Libraries/LibC/pwd.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Libraries/LibC/pwd.cpp b/Libraries/LibC/pwd.cpp
index 683f4a7d50..520a5fc8f5 100644
--- a/Libraries/LibC/pwd.cpp
+++ b/Libraries/LibC/pwd.cpp
@@ -146,11 +146,11 @@ next_entry:
     __pwdb_entry->pw_gecos = __pwdb_entry->gecos_buffer;
     __pwdb_entry->pw_dir = __pwdb_entry->dir_buffer;
     __pwdb_entry->pw_shell = __pwdb_entry->shell_buffer;
-    strncpy(__pwdb_entry->name_buffer, e_name.characters(), PWDB_STR_MAX_LEN);
-    strncpy(__pwdb_entry->passwd_buffer, e_passwd.characters(), PWDB_STR_MAX_LEN);
-    strncpy(__pwdb_entry->gecos_buffer, e_gecos.characters(), PWDB_STR_MAX_LEN);
-    strncpy(__pwdb_entry->dir_buffer, e_dir.characters(), PWDB_STR_MAX_LEN);
-    strncpy(__pwdb_entry->shell_buffer, e_shell.characters(), PWDB_STR_MAX_LEN);
+    strncpy(__pwdb_entry->name_buffer, e_name.characters(), PWDB_STR_MAX_LEN - 1);
+    strncpy(__pwdb_entry->passwd_buffer, e_passwd.characters(), PWDB_STR_MAX_LEN - 1);
+    strncpy(__pwdb_entry->gecos_buffer, e_gecos.characters(), PWDB_STR_MAX_LEN - 1);
+    strncpy(__pwdb_entry->dir_buffer, e_dir.characters(), PWDB_STR_MAX_LEN - 1);
+    strncpy(__pwdb_entry->shell_buffer, e_shell.characters(), PWDB_STR_MAX_LEN - 1);
     return __pwdb_entry;
 }