summary refs log tree commit diff
path: root/nscd/nscd_getpw_r.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2004-11-10 07:50:03 +0000
committerUlrich Drepper <drepper@redhat.com>2004-11-10 07:50:03 +0000
commit5429ff760a5544a34c5f05f16c01a7dffa505604 (patch)
treeff81df09d20cae4092329dc25a3ed32fe7c0fc66 /nscd/nscd_getpw_r.c
parent81b5ae0811c4da3701d08afa07a9b9159aac56e5 (diff)
downloadglibc-5429ff760a5544a34c5f05f16c01a7dffa505604.tar.gz
glibc-5429ff760a5544a34c5f05f16c01a7dffa505604.tar.xz
glibc-5429ff760a5544a34c5f05f16c01a7dffa505604.zip
(libc_locked_map_ptr): Add new first parameter, used as class for definition.
	* nscd/nscd-client.h (libc_locked_map_ptr): Add new first
	parameter, used as class for definition.
	* nscd/nscd_getpw_r.c: Adjust for libc_locked_map_ptr change.
	(pw_map_free): Ensure no crash after memory is freed.
	* nscd/nscd_getgr.c: Likewise.  Make map externally visible.
	* nscd/nscd_gethst.c: Likewise.
	* nscd/nscd_getai.c: Use map from nscd_gethost.c.
	* nscd/nscd_initgroups.c: Use map from nscd_getgr.c.
Diffstat (limited to 'nscd/nscd_getpw_r.c')
-rw-r--r--nscd/nscd_getpw_r.c22
1 files changed, 19 insertions, 3 deletions
diff --git a/nscd/nscd_getpw_r.c b/nscd/nscd_getpw_r.c
index b04dcfaa99..fe5fb43ca1 100644
--- a/nscd/nscd_getpw_r.c
+++ b/nscd/nscd_getpw_r.c
@@ -66,14 +66,18 @@ __nscd_getpwuid_r (uid_t uid, struct passwd *resultbuf, char *buffer,
 }
 
 
-libc_locked_map_ptr (map_handle);
+libc_locked_map_ptr (static, map_handle);
 /* Note that we only free the structure if necessary.  The memory
    mapping is not removed since it is not visible to the malloc
    handling.  */
-libc_freeres_fn (gr_map_free)
+libc_freeres_fn (pw_map_free)
 {
   if (map_handle.mapped != NO_MAPPING)
-    free (map_handle.mapped);
+    {
+      void *p = map_handle.mapped;
+      map_handle.mapped = NO_MAPPING;
+      free (p);
+    }
 }
 
 
@@ -184,6 +188,18 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type,
 	  /* Copy the various strings.  */
 	  memcpy (resultbuf->pw_name, pw_name, total);
 
+	  /* Try to detect corrupt databases.  */
+	  if (resultbuf->pw_name[pw_resp->pw_name_len - 1] != '\0'
+	      || resultbuf->pw_passwd[pw_resp->pw_passwd_len - 1] != '\0'
+	      || resultbuf->pw_gecos[pw_resp->pw_gecos_len - 1] != '\0'
+	      || resultbuf->pw_dir[pw_resp->pw_dir_len - 1] != '\0'
+	      || resultbuf->pw_shell[pw_resp->pw_shell_len - 1] != '\0')
+	    {
+	      /* We cannot use the database.  */
+	      retval = -1;
+	      goto out_close;
+	    }
+
 	  *result = resultbuf;
 	}
     }