diff options
| author | Ulrich Drepper <drepper@redhat.com> | 2004-09-12 20:38:38 +0000 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 2004-09-12 20:38:38 +0000 |
| commit | 20f8e6663accb3d318630e8ec4a08ed37521fce6 (patch) | |
| tree | a780fced9cb6d492f91e89edbefa791a383e8572 /nis/nss_compat/compat-pwd.c | |
| parent | ccc63b07082c257ffc6fe0b0bbf770283bb44e98 (diff) | |
| download | glibc-20f8e6663accb3d318630e8ec4a08ed37521fce6.tar.gz glibc-20f8e6663accb3d318630e8ec4a08ed37521fce6.tar.xz glibc-20f8e6663accb3d318630e8ec4a08ed37521fce6.zip | |
Update.
2004-09-11 Thorsten Kukuk <kukuk@suse.de> * nis/nss_compat/compat-grp.c: Check that buflen is greater zero before writing data into the buffer with negative offset. * nis/nss_compat/compat-initgroups.c: Likewise. * nis/nss_compat/compat-pwd.c: Likewise. * nis/nss_compat/compat-spwd.c Likewise.
Diffstat (limited to 'nis/nss_compat/compat-pwd.c')
| -rw-r--r-- | nis/nss_compat/compat-pwd.c | 74 |
1 files changed, 43 insertions, 31 deletions
diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c index b8c5890b5b..89a6a7013e 100644 --- a/nis/nss_compat/compat-pwd.c +++ b/nis/nss_compat/compat-pwd.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1996-1999,2001,2002,2003 Free Software Foundation, Inc. +/* Copyright (C) 1996-1999,2001,2002,2003,2004 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996. @@ -499,17 +499,25 @@ getpwent_next_file (struct passwd *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); if (p == NULL && feof_unlocked (ent->stream)) return NSS_STATUS_NOTFOUND; - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -525,13 +533,9 @@ getpwent_next_file (struct passwd *result, ent_t *ent, !(parse_res = _nss_files_parse_pwent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; if (result->pw_name[0] != '+' && result->pw_name[0] != '-') /* This is a real entry. */ @@ -694,6 +698,14 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); @@ -701,11 +713,11 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent, { return NSS_STATUS_NOTFOUND; } - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -721,13 +733,9 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent, !(parse_res = _nss_files_parse_pwent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; /* This is a real entry. */ if (result->pw_name[0] != '+' && result->pw_name[0] != '-') @@ -897,17 +905,25 @@ internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); if (p == NULL && feof_unlocked (ent->stream)) return NSS_STATUS_NOTFOUND; - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -923,13 +939,9 @@ internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent, !(parse_res = _nss_files_parse_pwent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; /* This is a real entry. */ if (result->pw_name[0] != '+' && result->pw_name[0] != '-') |