Fix unbound stack use in NIS NSS module

author: Andreas Schwab <schwab@suse.de> 2014-05-08 16:53:01 +0200
committer: Andreas Schwab <schwab@suse.de> 2014-05-12 15:17:51 +0200
commit: 315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c (patch)
tree: 95e476e2d0ce5885684e619ddbcb5996241f4c94 /nis/nss_nis/nis-initgroups.c
parent: 91df99f7f25d7b63ba36d54e41bc33ac6901f22d (diff)
download: glibc-315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c.tar.gz
glibc-315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c.tar.xz
glibc-315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/nis/nss_nis/nis-initgroups.c b/nis/nss_nis/nis-initgroups.c
index e8fcca1bb1..9542faea48 100644
--- a/nis/nss_nis/nis-initgroups.c
+++ b/nis/nss_nis/nis-initgroups.c
@@ -150,6 +150,13 @@ initgroups_netid (uid_t uid, gid_t group, long int *start, long int *size,
 		  gid_t **groupsp, long int limit, int *errnop,
 		  const char *domainname)
 {
+  /* Limit domainname length to the maximum size of an RPC packet.  */
+  if (strlen (domainname) > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
   /* Prepare the key.  The form is "unix.UID@DOMAIN" with the UID and
      DOMAIN field filled in appropriately.  */
   char key[sizeof ("unix.@") + sizeof (uid_t) * 3 + strlen (domainname)];
author	Andreas Schwab <schwab@suse.de>	2014-05-08 16:53:01 +0200
committer	Andreas Schwab <schwab@suse.de>	2014-05-12 15:17:51 +0200
commit	315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c (patch)
tree	95e476e2d0ce5885684e619ddbcb5996241f4c94 /nis/nss_nis/nis-initgroups.c
parent	91df99f7f25d7b63ba36d54e41bc33ac6901f22d (diff)
download	glibc-315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c.tar.gz glibc-315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c.tar.xz glibc-315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c.zip