diff options
Diffstat (limited to 'nis/nss_compat')
-rw-r--r-- | nis/nss_compat/compat-grp.c | 94 | ||||
-rw-r--r-- | nis/nss_compat/compat-pwd.c | 123 | ||||
-rw-r--r-- | nis/nss_compat/compat-spwd.c | 104 |
3 files changed, 275 insertions, 46 deletions
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c index 59165ea590..9726784b2d 100644 --- a/nis/nss_compat/compat-grp.c +++ b/nis/nss_compat/compat-grp.c @@ -218,6 +218,10 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, do { + char *save_oldkey; + int save_oldlen; + bool_t save_nis_first; + if (ent->nis_first) { if (yp_first (domain, "group.byname", &outkey, &outkeylen, @@ -226,7 +230,9 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, ent->nis = 0; return NSS_STATUS_UNAVAIL; } - + save_oldkey = ent->oldkey; + save_oldlen = ent->oldkeylen; + save_nis_first = TRUE; ent->oldkey = outkey; ent->oldkeylen = outkeylen; ent->nis_first = FALSE; @@ -241,7 +247,9 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, return NSS_STATUS_NOTFOUND; } - free (ent->oldkey); + save_oldkey = ent->oldkey; + save_oldlen = ent->oldkeylen; + save_nis_first = FALSE; ent->oldkey = outkey; ent->oldkeylen = outkeylen; } @@ -255,8 +263,21 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, while (isspace (*p)) ++p; - parse_res = _nss_files_parse_grent (p, result, data, buflen); - + if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1) + { + free (ent->oldkey); + ent->oldkey = save_oldkey; + ent->oldkeylen = save_oldlen; + ent->nis_first = save_nis_first; + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + else + { + if (!save_nis_first) + free (save_oldkey); + } + if (parse_res && in_blacklist (result->gr_name, strlen (result->gr_name), ent)) parse_res = 0; /* if result->gr_name in blacklist,search next entry */ @@ -274,8 +295,13 @@ getgrent_next_nisplus (struct group *result, ent_t *ent, char *buffer, do { + nis_result *save_oldres; + bool_t save_nis_first; + if (ent->nis_first) { + save_oldres = ent->result; + save_nis_first = TRUE; ent->result = nis_first_entry(grptable); if (niserr2nss (ent->result->status) != NSS_STATUS_SUCCESS) { @@ -288,8 +314,9 @@ getgrent_next_nisplus (struct group *result, ent_t *ent, char *buffer, { nis_result *res; + save_oldres = ent->result; + save_nis_first = FALSE; res = nis_next_entry(grptable, &ent->result->cookie); - nis_freeresult (ent->result); ent->result = res; if (niserr2nss (ent->result->status) != NSS_STATUS_SUCCESS) { @@ -297,8 +324,21 @@ getgrent_next_nisplus (struct group *result, ent_t *ent, char *buffer, return niserr2nss (ent->result->status); } } - parse_res = _nss_nisplus_parse_grent (ent->result, 0, result, buffer, - buflen); + if ((parse_res = _nss_nisplus_parse_grent (ent->result, 0, result, + buffer, buflen)) == -1) + { + nis_freeresult (ent->result); + ent->result = save_oldres; + ent->nis_first = save_nis_first; + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + else + { + if (!save_nis_first) + nis_freeresult (save_oldres); + } + if (parse_res && in_blacklist (result->gr_name, strlen (result->gr_name), ent)) parse_res = 0; /* if result->gr_name in blacklist,search next entry */ @@ -330,7 +370,13 @@ getgrent_next_file_plusgroup (struct group *result, char *buffer, nis_freeresult (res); return status; } - parse_res = _nss_nisplus_parse_grent (res, 0, result, buffer, buflen); + if ((parse_res = _nss_nisplus_parse_grent (res, 0, result, buffer, + buflen)) == -1) + { + __set_errno (ERANGE); + nis_freeresult (res); + return NSS_STATUS_TRYAGAIN; + } nis_freeresult (res); } else /* Use NIS */ @@ -350,7 +396,11 @@ getgrent_next_file_plusgroup (struct group *result, char *buffer, free (outval); while (isspace (*p)) p++; - parse_res = _nss_files_parse_grent (p, result, data, buflen); + if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } } if (parse_res) @@ -368,13 +418,24 @@ getgrent_next_file (struct group *result, ent_t *ent, struct parser_data *data = (void *) buffer; while (1) { + fpos_t pos; + int parse_res = 0; char *p; do { + fgetpos (ent->stream, &pos); p = fgets (buffer, buflen, ent->stream); if (p == NULL) - return NSS_STATUS_NOTFOUND; + { + if (feof (ent->stream)) + return NSS_STATUS_NOTFOUND; + else + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + } /* Terminate the line for any case. */ buffer[buflen - 1] = '\0'; @@ -383,11 +444,18 @@ getgrent_next_file (struct group *result, ent_t *ent, while (isspace (*p)) ++p; } - /* Ignore empty and comment lines. */ - while (*p == '\0' || *p == '#' || + while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ /* Parse the line. If it is invalid, loop to get the next line of the file to parse. */ - !_nss_files_parse_grent (p, result, data, buflen)); + !(parse_res = _nss_files_parse_grent (p, result, data, buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } if (result->gr_name[0] != '+' && result->gr_name[0] != '-') /* This is a real entry. */ diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c index 0d0f2a6c33..af1267922c 100644 --- a/nis/nss_compat/compat-pwd.c +++ b/nis/nss_compat/compat-pwd.c @@ -272,6 +272,9 @@ internal_endpwent (ent_t *ent) ent->stream = NULL; } + if (ent->netgroup) + __internal_endnetgrent (&ent->netgrdata); + ent->nis = ent->first = ent->netgroup = 0; if (ent->oldkey != NULL) @@ -303,9 +306,6 @@ _nss_compat_endpwent (void) __libc_lock_lock (lock); - if (ext_ent.netgroup) - __internal_endnetgrent (&ext_ent.netgrdata); - result = internal_endpwent (&ext_ent); __libc_lock_unlock (lock); @@ -339,6 +339,10 @@ getpwent_next_nis_netgr (struct passwd *result, ent_t *ent, char *group, while (1) { + char *saved_cursor; + int parse_res; + + saved_cursor = ent->netgrdata.cursor; status = __internal_getnetgrent_r (&host, &user, &domain, &ent->netgrdata, buffer, buflen); if (status != 1) @@ -372,7 +376,13 @@ getpwent_next_nis_netgr (struct passwd *result, ent_t *ent, char *group, while (isspace (*p)) p++; free (outval); - if (_nss_files_parse_pwent (p, result, data, buflen)) + if ((parse_res = _nss_files_parse_pwent (p, result, data, buflen)) == -1) + { + ent->netgrdata.cursor = saved_cursor; + return NSS_STATUS_TRYAGAIN; + } + + if (parse_res) { copy_pwd_changes (result, &ent->pwd, p2, p2len); break; @@ -410,6 +420,9 @@ getpwent_next_nisplus_netgr (struct passwd *result, ent_t *ent, char *group, while (1) { + char *saved_cursor; + + saved_cursor = ent->netgrdata.cursor; status = __internal_getnetgrent_r (&host, &user, &domain, &ent->netgrdata, buffer, buflen); if (status != 1) @@ -419,13 +432,13 @@ getpwent_next_nisplus_netgr (struct passwd *result, ent_t *ent, char *group, give_pwd_free (&ent->pwd); return NSS_STATUS_RETURN; } - + if (user == NULL || user[0] == '-') continue; - + if (domain != NULL && strcmp (ypdomain, domain) != 0) continue; - + p2len = pwd_need_buflen (&ent->pwd); if (p2len > buflen) { @@ -444,7 +457,13 @@ getpwent_next_nisplus_netgr (struct passwd *result, ent_t *ent, char *group, nis_freeresult (nisres); continue; } - parse_res = _nss_nisplus_parse_pwent (nisres, result, buffer, buflen); + if ((parse_res = _nss_nisplus_parse_pwent (nisres, result, buffer, + buflen)) == -1) + { + nis_freeresult (nisres); + ent->netgrdata.cursor = saved_cursor; + return NSS_STATUS_TRYAGAIN; + } nis_freeresult (nisres); if (parse_res) @@ -485,8 +504,14 @@ getpwent_next_nisplus (struct passwd *result, ent_t *ent, char *buffer, buflen -= p2len; do { + bool_t saved_first; + nis_result *saved_res; + if (ent->first) { + saved_first = TRUE; + saved_res = ent->result; + ent->result = nis_first_entry(pwdtable); if (niserr2nss (ent->result->status) != NSS_STATUS_SUCCESS) { @@ -501,17 +526,32 @@ getpwent_next_nisplus (struct passwd *result, ent_t *ent, char *buffer, nis_result *res; res = nis_next_entry(pwdtable, &ent->result->cookie); - nis_freeresult (ent->result); + saved_res = ent->result; + saved_first = FALSE; ent->result = res; if (niserr2nss (ent->result->status) != NSS_STATUS_SUCCESS) { ent->nis = 0; + nis_freeresult (saved_res); give_pwd_free (&ent->pwd); return niserr2nss (ent->result->status); } } - parse_res = _nss_nisplus_parse_pwent (ent->result, result, buffer, - buflen); + if ((parse_res = _nss_nisplus_parse_pwent (ent->result, result, buffer, + buflen)) == -1) + { + nis_freeresult (ent->result); + ent->result = saved_res; + ent->first = saved_first; + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + else + { + if (!saved_first) + nis_freeresult (saved_res); + } + if (parse_res && in_blacklist (result->pw_name, strlen (result->pw_name), ent)) parse_res = 0; /* if result->pw_name in blacklist,search next entry */ @@ -549,6 +589,10 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, buflen -= p2len; do { + bool_t saved_first; + char *saved_oldkey; + int saved_oldlen; + if (ent->first) { if (yp_first (domain, "passwd.byname", &outkey, &outkeylen, @@ -558,7 +602,10 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, give_pwd_free (&ent->pwd); return NSS_STATUS_UNAVAIL; } - + + saved_first = TRUE; + saved_oldkey = ent->oldkey; + saved_oldlen = ent->oldkeylen; ent->oldkey = outkey; ent->oldkeylen = outkeylen; ent->first = FALSE; @@ -574,7 +621,9 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, return NSS_STATUS_NOTFOUND; } - free (ent->oldkey); + saved_first = FALSE; + saved_oldkey = ent->oldkey; + saved_oldlen = ent->oldkeylen; ent->oldkey = outkey; ent->oldkeylen = outkeylen; } @@ -587,7 +636,20 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, while (isspace (*p)) ++p; - parse_res = _nss_files_parse_pwent (p, result, data, buflen); + if ((parse_res = _nss_files_parse_pwent (p, result, data, buflen)) == -1) + { + free (ent->oldkey); + ent->oldkey = saved_oldkey; + ent->oldkeylen = saved_oldlen; + ent->first = saved_first; + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + else + { + if (!saved_first) + free (saved_oldkey); + } if (parse_res && in_blacklist (result->pw_name, strlen (result->pw_name), ent)) parse_res = 0; @@ -637,7 +699,13 @@ getpwent_next_file_plususer (struct passwd *result, char *buffer, nis_freeresult (res); return status; } - parse_res = _nss_nisplus_parse_pwent (res, result, buffer, buflen); + if ((parse_res = _nss_nisplus_parse_pwent (res, result, buffer, + buflen)) == -1) + { + nis_freeresult (res); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } nis_freeresult (res); } else /* Use NIS */ @@ -645,10 +713,10 @@ getpwent_next_file_plususer (struct passwd *result, char *buffer, char *domain; char *outval; int outvallen; - + if (yp_get_default_domain (&domain) != YPERR_SUCCESS) return NSS_STATUS_TRYAGAIN; - + if (yp_match (domain, "passwd.byname", &result->pw_name[1], strlen (result->pw_name) - 1, &outval, &outvallen) != YPERR_SUCCESS) @@ -658,10 +726,14 @@ getpwent_next_file_plususer (struct passwd *result, char *buffer, free (outval); while (isspace (*p)) p++; - parse_res = _nss_files_parse_pwent (p, result, data, buflen); + if ((parse_res = _nss_files_parse_pwent (p, result, data, buflen)) == -1) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } } - if (parse_res) + if (parse_res > 0) { copy_pwd_changes (result, &pwd, p, plen); give_pwd_free (&pwd); @@ -684,10 +756,13 @@ getpwent_next_file (struct passwd *result, ent_t *ent, struct parser_data *data = (void *) buffer; while (1) { + fpos_t pos; char *p; + int parse_res; do { + fgetpos (ent->stream, &pos); p = fgets (buffer, buflen, ent->stream); if (p == NULL) return NSS_STATUS_NOTFOUND; @@ -702,7 +777,15 @@ getpwent_next_file (struct passwd *result, ent_t *ent, while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ /* Parse the line. If it is invalid, loop to get the next line of the file to parse. */ - !_nss_files_parse_pwent (p, result, data, buflen)); + !(parse_res = _nss_files_parse_pwent (p, result, data, buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } if (result->pw_name[0] != '+' && result->pw_name[0] != '-') /* This is a real entry. */ diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c index 4199baf202..61a703c1ea 100644 --- a/nis/nss_compat/compat-spwd.c +++ b/nis/nss_compat/compat-spwd.c @@ -292,6 +292,10 @@ getspent_next_nis_netgr (struct spwd *result, ent_t *ent, char *group, while (1) { + char *saved_cursor; + int parse_res; + + saved_cursor = ent->netgrdata.cursor; status = __internal_getnetgrent_r (&host, &user, &domain, &ent->netgrdata, buffer, buflen); if (status != 1) @@ -301,10 +305,10 @@ getspent_next_nis_netgr (struct spwd *result, ent_t *ent, char *group, give_spwd_free (&ent->pwd); return NSS_STATUS_RETURN; } - + if (user == NULL || user[0] == '-') continue; - + if (domain != NULL && strcmp (ypdomain, domain) != 0) continue; @@ -325,7 +329,13 @@ getspent_next_nis_netgr (struct spwd *result, ent_t *ent, char *group, while (isspace (*p)) p++; free (outval); - if (_nss_files_parse_spent (p, result, data, buflen)) + if ((parse_res = _nss_files_parse_spent (p, result, data, buflen)) == -1) + { + ent->netgrdata.cursor = saved_cursor; + return NSS_STATUS_TRYAGAIN; + } + + if (parse_res) { copy_spwd_changes (result, &ent->pwd, p2, p2len); break; @@ -363,6 +373,9 @@ getspent_next_nisplus_netgr (struct spwd *result, ent_t *ent, char *group, while (1) { + char *saved_cursor; + + saved_cursor = ent->netgrdata.cursor; status = __internal_getnetgrent_r (&host, &user, &domain, &ent->netgrdata, buffer, buflen); if (status != 1) @@ -397,7 +410,12 @@ getspent_next_nisplus_netgr (struct spwd *result, ent_t *ent, char *group, nis_freeresult (nisres); continue; } - parse_res = _nss_nisplus_parse_spent (nisres, result, buffer, buflen); + if ((parse_res = _nss_nisplus_parse_spent (nisres, result, buffer, + buflen)) == -1) + { + nis_freeresult (nisres); + return NSS_STATUS_TRYAGAIN; + } nis_freeresult (nisres); if (parse_res) @@ -438,8 +456,14 @@ getspent_next_nisplus (struct spwd *result, ent_t *ent, char *buffer, buflen -= p2len; do { + bool_t saved_first; + nis_result *saved_res; + if (ent->first) { + saved_first = TRUE; + saved_res = ent->result; + ent->result = nis_first_entry(pwdtable); if (niserr2nss (ent->result->status) != NSS_STATUS_SUCCESS) { @@ -453,18 +477,33 @@ getspent_next_nisplus (struct spwd *result, ent_t *ent, char *buffer, { nis_result *res; + saved_first = FALSE; + saved_res = ent->result; + res = nis_next_entry(pwdtable, &ent->result->cookie); - nis_freeresult (ent->result); ent->result = res; if (niserr2nss (ent->result->status) != NSS_STATUS_SUCCESS) { + nis_freeresult (saved_res); ent->nis = 0; give_spwd_free (&ent->pwd); return niserr2nss (ent->result->status); } } - parse_res = _nss_nisplus_parse_spent (ent->result, result, buffer, - buflen); + if ((parse_res = _nss_nisplus_parse_spent (ent->result, result, buffer, + buflen)) == -1) + { + ent->first = saved_first; + nis_freeresult (ent->result); + ent->result = saved_res; + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + else + { + if (!saved_first) + nis_freeresult (saved_res); + } if (parse_res && in_blacklist (result->sp_namp, strlen (result->sp_namp), ent)) parse_res = 0; /* if result->pw_name in blacklist,search next entry */ @@ -503,6 +542,10 @@ getspent_next_nis (struct spwd *result, ent_t *ent, buflen -= p2len; do { + bool_t saved_first; + char *saved_oldkey; + int saved_oldlen; + if (ent->first) { if (yp_first (domain, "shadow.byname", &outkey, &outkeylen, @@ -512,7 +555,9 @@ getspent_next_nis (struct spwd *result, ent_t *ent, give_spwd_free (&ent->pwd); return NSS_STATUS_UNAVAIL; } - + saved_first = TRUE; + saved_oldkey = ent->oldkey; + saved_oldlen = ent->oldkeylen; ent->oldkey = outkey; ent->oldkeylen = outkeylen; ent->first = FALSE; @@ -528,7 +573,9 @@ getspent_next_nis (struct spwd *result, ent_t *ent, return NSS_STATUS_NOTFOUND; } - free (ent->oldkey); + saved_first = FALSE; + saved_oldkey = ent->oldkey; + saved_oldlen = ent->oldkeylen; ent->oldkey = outkey; ent->oldkeylen = outkeylen; } @@ -541,7 +588,20 @@ getspent_next_nis (struct spwd *result, ent_t *ent, while (isspace (*p)) ++p; - parse_res = _nss_files_parse_spent (p, result, data, buflen); + if ((parse_res = _nss_files_parse_spent (p, result, data, buflen)) == -1) + { + free (ent->oldkey); + ent->oldkey = saved_oldkey; + ent->oldkeylen = saved_oldlen; + ent->first = saved_first; + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + else + { + if (!saved_first) + free (saved_oldkey); + } if (parse_res && in_blacklist (result->sp_namp, strlen (result->sp_namp), ent)) parse_res = 0; @@ -591,7 +651,12 @@ getspent_next_file_plususer (struct spwd *result, char *buffer, nis_freeresult (res); return status; } - parse_res = _nss_nisplus_parse_spent (res, result, buffer, buflen); + if ((parse_res = _nss_nisplus_parse_spent (res, result, buffer, + buflen)) == -1) + { + nis_freeresult (res); + return NSS_STATUS_TRYAGAIN; + } nis_freeresult (res); } else /* Use NIS */ @@ -612,7 +677,8 @@ getspent_next_file_plususer (struct spwd *result, char *buffer, free (outval); while (isspace (*p)) p++; - parse_res = _nss_files_parse_spent (p, result, data, buflen); + if ((parse_res = _nss_files_parse_spent (p, result, data, buflen)) == -1) + return NSS_STATUS_TRYAGAIN; } if (parse_res) @@ -638,10 +704,13 @@ getspent_next_file (struct spwd *result, ent_t *ent, struct parser_data *data = (void *) buffer; while (1) { + fpos_t pos; + int parse_res = 0; char *p; do { + fgetpos (ent->stream, &pos); p = fgets (buffer, buflen, ent->stream); if (p == NULL) return NSS_STATUS_NOTFOUND; @@ -656,8 +725,17 @@ getspent_next_file (struct spwd *result, ent_t *ent, while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */ /* Parse the line. If it is invalid, loop to get the next line of the file to parse. */ - || !_nss_files_parse_spent (p, result, data, buflen)); + || !(parse_res = _nss_files_parse_spent (p, result, data, + buflen))); + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-') /* This is a real entry. */ break; |