fix parsing vulnerability

rdo.c

@@ -33,22 +33,23 @@ char* getpwhash(struct passwd* pw) {
 void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
     char* line = NULL;
     size_t len = 0;
+    size_t entry_len = strlen(entry);
 
     fseek(fp, 0, SEEK_SET);
 
     while (getline(&line, &len, fp) != -1) {
-        if (strncmp(entry, line, strlen(entry)) == 0) {
+        if (strncmp(line, entry, entry_len) == 0 &&
-            strtok(line, "=");
+            (line[entry_len] == '=')) {
-            char* token = strtok(NULL, "=");
+            char* value = line + entry_len + 1;
-            if (token) {
+            value[strcspn(value, "\n")] = 0;
-                strncpy(result, token, len_result);
+            strncpy(result, value, len_result);
-                result[strcspn(result, "\n")] = 0;
+            result[len_result - 1] = '\0';
-                free(line);
+            free(line);
-                return;
+            return;
-            }
         }
     }
 
+    free(line);
     errx(1, "Could not get '%s' entry in config", entry);
 }