about summary refs log tree commit diff
path: root/nis/nss_compat/compat-pwd.c
diff options
context:
space:
mode:
Diffstat (limited to 'nis/nss_compat/compat-pwd.c')
-rw-r--r--nis/nss_compat/compat-pwd.c48
1 files changed, 41 insertions, 7 deletions
diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c
index 5bfff17ca5..eec2634f3a 100644
--- a/nis/nss_compat/compat-pwd.c
+++ b/nis/nss_compat/compat-pwd.c
@@ -393,7 +393,7 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
       if (domain != NULL && strcmp (ypdomain, domain) != 0)
 	continue;
 
-      /* If name != NULL, we are called from getpwnam */
+      /* If name != NULL, we are called from getpwnam.  */
       if (name != NULL)
 	if (strcmp (user, name) != 0)
 	  continue;
@@ -406,12 +406,21 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
       p2len = pwd_need_buflen (&ent->pwd);
       if (p2len > buflen)
 	{
+	  free (outval);
 	  *errnop = ERANGE;
 	  return NSS_STATUS_TRYAGAIN;
 	}
       p2 = buffer + (buflen - p2len);
       buflen -= p2len;
+
+      if (buflen < ((size_t) outvallen + 1))
+	{
+	  free (outval);
+	  *errnop = ERANGE;
+	  return NSS_STATUS_TRYAGAIN;
+	}
       p = strncpy (buffer, outval, buflen);
+
       while (isspace (*p))
 	p++;
       free (outval);
@@ -650,6 +659,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
 	      return NSS_STATUS_UNAVAIL;
 	    }
 
+	  if (buflen < ((size_t) outvallen + 1))
+	    {
+	      free (outval);
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  saved_first = TRUE;
 	  saved_oldkey = ent->oldkey;
 	  saved_oldlen = ent->oldkeylen;
@@ -668,6 +684,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
 	      return NSS_STATUS_NOTFOUND;
 	    }
 
+	  if (buflen < ((size_t) outvallen + 1))
+	    {
+	      free (outval);
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  saved_first = FALSE;
 	  saved_oldkey = ent->oldkey;
 	  saved_oldlen = ent->oldkeylen;
@@ -769,9 +792,13 @@ getpwnam_plususer (const char *name, struct passwd *result, char *buffer,
 		    &outval, &outvallen) != YPERR_SUCCESS)
 	return NSS_STATUS_NOTFOUND;
 
-      ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
-		     buflen : (size_t) outvallen);
-      buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+      if (buflen < ((size_t) outvallen + 1))
+	{
+	  free (outval);
+	  *errnop = ERANGE;
+	  return NSS_STATUS_TRYAGAIN;
+	}
+      ptr = strncpy (buffer, outval, buflen);
       free (outval);
       while (isspace (*ptr))
 	ptr++;
@@ -1259,10 +1286,17 @@ getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
 	  *errnop = errno;
 	  return NSS_STATUS_TRYAGAIN;
 	}
-      ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
-		     buflen : (size_t) outvallen);
-      buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+
+      if ( buflen < ((size_t) outvallen + 1))
+	{
+	  free (outval);
+	  *errnop = ERANGE;
+	  return NSS_STATUS_TRYAGAIN;
+	}
+
+      ptr = strncpy (buffer, outval, buflen);
       free (outval);
+
       while (isspace (*ptr))
 	ptr++;
       parse_res = _nss_files_parse_pwent (ptr, result, data, buflen, errnop);