mirror of
https://github.com/shadow-maint/shadow.git
synced 2026-01-26 05:57:53 +00:00
lib/port.c: getportent(): Make sure the aren't too many fields in the CSV
Otherwise, the line is invalidly formatted, and we ignore it.
Detailed explanation:
There are two conditions on which we break out of the loops that precede
these added checks:
- j is too big (we've exhausted the space in the static arrays)
$ grep -r -e PORT_TTY -e PORT_IDS lib/port.*
lib/port.c: static char *ttys[PORT_TTY + 1]; /* some pointers to tty names */
lib/port.c: static char *users[PORT_IDS + 1]; /* some pointers to user ids */
lib/port.c: for (cp = buf, j = 0; j < PORT_TTY; j++) {
lib/port.c: if ((',' == *cp) && (j < PORT_IDS)) {
lib/port.h: * PORT_IDS - Allowable number of IDs per entry.
lib/port.h: * PORT_TTY - Allowable number of TTYs per entry.
lib/port.h:#define PORT_IDS 64
lib/port.h:#define PORT_TTY 64
- strpbrk(3) found a ':', which signals the end of the comma-separated
list, and the start of the next colon-separated field.
If the first character in the remainder of the string is not a ':', it
means we've exhausted the array size, but the CSV list was longer, so
we'd be truncating it. Consider the entire line invalid, and skip it.
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: a19805445672 ("lib/port.c: getportent(): Make sure the aren't too many fields in the CSV")
Link: <https://github.com/shadow-maint/shadow/pull/1037>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
parent
b0b04dd109
commit
69b9883fee
@ -156,6 +156,9 @@ next:
|
||||
if (',' == *cp) /* end of current tty name */
|
||||
stpcpy(cp++, "");
|
||||
}
|
||||
if (':' != *cp)
|
||||
goto next;
|
||||
|
||||
stpcpy(cp++, "");
|
||||
port.pt_names[j] = NULL;
|
||||
|
||||
@ -185,10 +188,8 @@ next:
|
||||
} else {
|
||||
port.pt_users = 0;
|
||||
}
|
||||
|
||||
if (':' != *cp) {
|
||||
if (':' != *cp)
|
||||
goto next;
|
||||
}
|
||||
|
||||
*cp = '\0';
|
||||
cp++;
|
||||
|
||||
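Review bot: The added `if (':' != *cp) goto next;` after the tty-name loop drops an over-long entry without any trace, and the same holds for the de-braced check after the user list in the second hunk. These entries presumably express per-port login restrictions, so a silently skipped line would mean its restriction is never applied. It would help to emit a diagnostic before the jump, or at least document the intent, e.g. `/* more than PORT_TTY names: list would be truncated, so reject the whole line */`, with a PORT_IDS counterpart at the second check. The `next:` label and the rest of getportent() are outside the visible hunks, so whether anything is logged there cannot be confirmed from this page. As a smaller point, the first hunk terminates the field with `stpcpy(cp++, "");` while the second still uses `*cp = '\0'; cp++;`; one form throughout would read more easily.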