===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/chpass/edit.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -c -r1.8 -r1.9
*** src/usr.bin/chpass/edit.c	1996/08/31 01:55:33	1.8
--- src/usr.bin/chpass/edit.c	1996/08/31 13:35:23	1.9
***************
*** 1,4 ****
! /*	$OpenBSD: edit.c,v 1.8 1996/08/31 01:55:33 deraadt Exp $	*/
  /*	$NetBSD: edit.c,v 1.6 1996/05/15 21:50:45 jtc Exp $	*/
  
  /*-
--- 1,4 ----
! /*	$OpenBSD: edit.c,v 1.9 1996/08/31 13:35:23 deraadt Exp $	*/
  /*	$NetBSD: edit.c,v 1.6 1996/05/15 21:50:45 jtc Exp $	*/
  
  /*-
***************
*** 38,44 ****
  #if 0
  static char sccsid[] = "@(#)edit.c	8.3 (Berkeley) 4/2/94";
  #else
! static char rcsid[] = "$OpenBSD: edit.c,v 1.8 1996/08/31 01:55:33 deraadt Exp $";
  #endif
  #endif /* not lint */
  
--- 38,44 ----
  #if 0
  static char sccsid[] = "@(#)edit.c	8.3 (Berkeley) 4/2/94";
  #else
! static char rcsid[] = "$OpenBSD: edit.c,v 1.9 1996/08/31 13:35:23 deraadt Exp $";
  #endif
  #endif /* not lint */
  
***************
*** 148,154 ****
  	char *p;
  	struct stat sb;
  	FILE *fp;
! 	int len;
  	static char buf[LINE_MAX];
  
  	if (!(fp = fopen(tempname, "r")))
--- 148,154 ----
  	char *p;
  	struct stat sb;
  	FILE *fp;
! 	int len, alen;
  	static char buf[LINE_MAX];
  
  	if (!(fp = fopen(tempname, "r")))
***************
*** 203,208 ****
--- 203,211 ----
  	/* Build the gecos field. */
  	len = strlen(list[E_NAME].save) + strlen(list[E_BPHONE].save) +
  	    strlen(list[E_HPHONE].save) + strlen(list[E_LOCATE].save) + 4;
+ 	for (alen = 0, p = list[E_NAME].save; *p; p++)
+ 		if (*p == '&')
+ 			alen = alen + strlen(pw->pw_name) - 1;
  	if (!(p = malloc(len)))
  		err(1, NULL);
  	(void)sprintf(pw->pw_gecos = p, "%s,%s,%s,%s", list[E_NAME].save,
***************
*** 212,221 ****
  	    "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s",
  	    pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid, pw->pw_class,
  	    pw->pw_change, pw->pw_expire, pw->pw_gecos, pw->pw_dir,
! 	    pw->pw_shell) >= sizeof(buf)) {
  		warnx("entries too long");
  		return (0);
  	}
! 	/* must leave p allocated */
  	return (pw_scan(buf, pw, (int *)NULL));
  }
--- 215,227 ----
  	    "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s",
  	    pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid, pw->pw_class,
  	    pw->pw_change, pw->pw_expire, pw->pw_gecos, pw->pw_dir,
! 	    pw->pw_shell) >= sizeof(buf) ||
! 	    strlen(buf) + alen >= sizeof(buf) -1) {
  		warnx("entries too long");
+ 		free(p);
  		return (0);
  	}
! 	free(p);
! 
  	return (pw_scan(buf, pw, (int *)NULL));
  }