Fix possible buffer overflow: buflen (a size_t*) was being used
authorTodd Lewis <utoddl@email.unc.edu>
Wed, 5 Mar 2014 05:29:34 +0000 (00:29 -0500)
committerClinton Ebadi <clinton@unknownlamer.org>
Wed, 5 Mar 2014 05:29:34 +0000 (00:29 -0500)
directly in a comparison instead of being dereferenced

nss_afs.c

index aa9ed1a..126b5c5 100644 (file)
--- a/nss_afs.c
+++ b/nss_afs.c
@@ -138,7 +138,7 @@ enum nss_status ptsid2name(int uid, char **buffer, int *buflen) {
   ret = NSS_STATUS_NOTFOUND;
   for (i=0;i<lnames.namelist_len;i++) {
     int delta = strlen(lnames.namelist_val[i]);
-    if ( (delta < buflen) && islower(*(lnames.namelist_val[i])) ) {
+    if ( (delta < *buflen) && islower(*(lnames.namelist_val[i])) ) {
       cpstr(lnames.namelist_val[i], buffer, buflen);
       ret = NSS_STATUS_SUCCESS;
     }
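Review bot: The length check on the changed line still rests on `int delta = strlen(...)`, which narrows a `size_t` to `int`; a length that does not fit in `int` could turn negative and pass `delta < *buflen`, so keeping it unsigned is safer: `size_t delta = strlen(lnames.namelist_val[i]);` with `if (*buflen > 0 && delta < (size_t)*buflen && ...)`. On the same line `islower(*(lnames.namelist_val[i]))` passes a plain `char`, which is undefined for bytes that are negative where `char` is signed; since the names appear to come from a lookup result rather than local constants, `islower((unsigned char)*lnames.namelist_val[i])` is the safe form. The hunk header shows `int *buflen` while the commit message calls it a `size_t*`, so it is worth confirming which type callers actually pass. The loop has no `break` after a match, so whether several lowercase names fit depends on how `cpstr` updates `buffer` and `*buflen`, which is outside this hunk along with the rest of ptsid2name.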