(libc_locked_map_ptr): Add new first parameter, used as class for definition.

	* nscd/nscd-client.h (libc_locked_map_ptr): Add new first
	parameter, used as class for definition.
	* nscd/nscd_getpw_r.c: Adjust for libc_locked_map_ptr change.
	(pw_map_free): Ensure no crash after memory is freed.
	* nscd/nscd_getgr.c: Likewise.  Make map externally visible.
	* nscd/nscd_gethst.c: Likewise.
	* nscd/nscd_getai.c: Use map from nscd_gethost.c.
	* nscd/nscd_initgroups.c: Use map from nscd_getgr.c.

1 files changed, 15 insertions, 1 deletions

diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c
index 1b94bf584f..fc10d3ea60 100644
--- a/nscd/nscd_getgr_r.c
+++ b/nscd/nscd_getgr_r.c
@@ -204,7 +204,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
       else
 	/* We already have the data.  Just copy the group name and
 	   password.  */
-	memcpy (resultbuf->gr_name, gr_name, gr_name_len);
+	memcpy (resultbuf->gr_name, gr_name,
+		gr_resp->gr_name_len + gr_resp->gr_passwd_len);
 
       /* Clear the terminating entry.  */
       resultbuf->gr_mem[gr_resp->gr_mem_cnt] = NULL;
@@ -242,6 +243,19 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
 	  /* Copy the group member names.  */
 	  memcpy (resultbuf->gr_mem[0], gr_name + gr_name_len, total_len);
 
+	  /* Try to detect corrupt databases.  */
+	  if (resultbuf->gr_name[gr_name_len - 1] != '\0'
+	      || resultbuf->gr_passwd[gr_resp->gr_passwd_len - 1] != '\0'
+	      || ({for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt)
+		     if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0')
+		       break;
+	  	   cnt < gr_resp->gr_mem_cnt; }))
+	    {
+	      /* We cannot use the database.  */
+	      retval = -1;
+	      goto out_close;
+	    }
+
 	  *result = resultbuf;
 	}
     }