From 9c6d2c487f50d515d063244d2a5251365f67994f Mon Sep 17 00:00:00 2001
From: Moe-hacker <moe-hacker@outlook.com>
Date: Fri, 22 Nov 2024 08:00:02 +0000
Subject: [PATCH] Avoid buffer overflow when /etc/passwd is wrong

---
 src/passwd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/passwd.c b/src/passwd.c
index d92a88a6..ca2d8629 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -38,7 +38,7 @@ static char *line_get_username(const char *_Nonnull p)
 	// /etc/passwd format:
 	// name:password:uid:gid:comment:home directory:login shell
 	// So we only need the string before the first colon.
-	for (int i = 0; p[i] != '\0'; i++) {
+	for (int i = 0; p[i] != '\0' && i < (LOGIN_NAME_MAX * 2); i++) {
 		if (p[i] == ':') {
 			break;
 		}