From 4aab1431ed6c63457bdf2b3cb5dfba46a8732e37 Mon Sep 17 00:00:00 2001
From: lily
Date: Wed, 13 Aug 2025 08:12:38 +1000
Subject: [PATCH] fix parsing vulnerability

---
 rdo.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/rdo.c b/rdo.c
index 3d9c2e1..33444da 100644
--- a/rdo.c
+++ b/rdo.c
@@ -33,22 +33,23 @@ char* getpwhash(struct passwd* pw) {
 void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
 char* line = NULL;
 size_t len = 0;
+ size_t entry_len = strlen(entry);
 fseek(fp, 0, SEEK_SET);
 while (getline(&line, &len, fp) != -1) {
- if (strncmp(entry, line, strlen(entry)) == 0) {
- strtok(line, "=");
- char* token = strtok(NULL, "=");
- if (token) {
- strncpy(result, token, len_result);
- result[strcspn(result, "\n")] = 0;
- free(line);
- return;
- }
+ if (strncmp(line, entry, entry_len) == 0 &&
+ (line[entry_len] == '=')) {
+ char* value = line + entry_len + 1;
+ value[strcspn(value, "\n")] = 0;
+ strncpy(result, value, len_result);
+ result[len_result - 1] = '\0';
+ free(line);
+ return;
 }
 }
+ free(line);
 errx(1, "Could not get '%s' entry in config", entry);
 }
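Review bot: The new copy in getconf still truncates an over-long value silently: `strncpy(result, value, len_result)` followed by `result[len_result - 1] = '\0'` hands the caller a shortened string with no error, and if `len_result` is ever 0 the index wraps around and the terminator is written far outside `result`. The callers are not visible in this hunk, but if any of these entries names a group or another access-control setting, a truncated value could match something the administrator never configured. Rejecting instead of truncating closes both cases, e.g. `if (strlen(value) >= len_result) errx(1, "'%s' entry in config is too long", entry);` placed just before the `strncpy`.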