Diffstat (limited to 'nis')
-rw-r--r-- | nis/nis_cache.c | 2 | ||||
-rw-r--r-- | nis/nss_compat/compat-grp.c | 45 | ||||
-rw-r--r-- | nis/nss_compat/compat-pwd.c | 48 | ||||
-rw-r--r-- | nis/nss_compat/compat-spwd.c | 33 |
4 files changed, 113 insertions, 15 deletions
diff --git a/nis/nis_cache.c b/nis/nis_cache.c
index a0e1130077..26cac675a5 100644
--- a/nis/nis_cache.c
+++ b/nis/nis_cache.c
@@ -17,6 +17,8 @@
 write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+#include <string.h>
+#include <unistd.h>
 #include <rpcsvc/nis.h> #include "nis_intern.h"
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c
index dab1b5e566..ca5abc4d2c 100644
--- a/nis/nss_compat/compat-grp.c
+++ b/nis/nss_compat/compat-grp.c
@@ -263,6 +263,14 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
 ent->nis = 0; return NSS_STATUS_UNAVAIL; }
+
+ if ( buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
 save_oldkey = ent->oldkey; save_oldlen = ent->oldkeylen; save_nis_first = TRUE;
@@ -280,6 +288,13 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
 return NSS_STATUS_NOTFOUND; }
+ if ( buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
 save_oldkey = ent->oldkey; save_oldlen = ent->oldkeylen; save_nis_first = FALSE;
@@ -287,7 +302,7 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
 ent->oldkeylen = outkeylen; }
- /* Copy the found data to our buffer */
+ /* Copy the found data to our buffer... */
 p = strncpy (buffer, outval, buflen); /* ...and free the data. */
@@ -427,8 +442,17 @@ getgrnam_plusgroup (const char *name, struct group *result, char *buffer,
 &outval, &outvallen) != YPERR_SUCCESS) return NSS_STATUS_NOTFOUND;
- p = strncpy (buffer, outval,
- buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* Copy the found data to our buffer... */
+ p = strncpy (buffer, outval, buflen);
+
+ /* ... and free the data. */
 free (outval); while (isspace (*p)) ++p;
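Review bot: The new ERANGE return in getgrent_next_nis (compat-grp.c, hunk at -263) frees outval but nothing visible releases the key fetched with it. The -287 hunk shows `ent->oldkeylen = outkeylen;` being stored only after this point, so if the lookup allocated outkey as well, it appears to leak on every NSS_STATUS_TRYAGAIN retry. The same early return is added at -280, in getpwent_next_nis (compat-pwd.c, -650 and -668) and in getspent_next_nis (compat-spwd.c, -601 and -619). If that reading holds, add `free (outkey);` beside `free (outval);` in each; the function bodies start and end outside these hunks, so this needs checking against the full source.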
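Review bot: In getgrnam_plusgroup (compat-grp.c, hunk at -427) the copy `p = strncpy (buffer, outval, buflen);` stops at the first NUL in outval rather than at the length the guard just validated, so the check only protects the copy if outval is NUL-terminated within outvallen + 1 bytes, which these hunks do not show. Without that terminator strncpy would read past the reply and could leave buffer unterminated; it also zero-fills the whole remainder of the caller's buffer on every lookup. The same line is added in getgrgid_plusgroup (-758), getpwnam_plususer and getpwuid_plususer (compat-pwd.c, -769 and -1259) and getspnam_plususer (compat-spwd.c, -720), where the previous explicit `'\0'` store is removed. If outvallen is guaranteed non-negative, `p = memcpy (buffer, outval, (size_t) outvallen);` followed by `buffer[outvallen] = '\0';` bounds the read by the checked length and always terminates; otherwise a comment stating that the yp reply is NUL-terminated would document the assumption.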
@@ -758,9 +782,20 @@ getgrgid_plusgroup (gid_t gid, struct group *result, char *buffer,
 *errnop = errno; return NSS_STATUS_TRYAGAIN; }
- p = strncpy (buffer, outval,
- buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* Copy the found data to our buffer... */
+ p = strncpy (buffer, outval, buflen);
+
+ /* ... and free the data. */
 free (outval);
+
 while (isspace (*p)) p++; parse_res = _nss_files_parse_grent (p, result, data, buflen, errnop);
diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c
index 5bfff17ca5..eec2634f3a 100644
--- a/nis/nss_compat/compat-pwd.c
+++ b/nis/nss_compat/compat-pwd.c
@@ -393,7 +393,7 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
 if (domain != NULL && strcmp (ypdomain, domain) != 0) continue;
- /* If name != NULL, we are called from getpwnam */
+ /* If name != NULL, we are called from getpwnam. */
 if (name != NULL) if (strcmp (user, name) != 0) continue;
@@ -406,12 +406,21 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
 p2len = pwd_need_buflen (&ent->pwd); if (p2len > buflen) {
+ free (outval);
 *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } p2 = buffer + (buflen - p2len); buflen -= p2len;
+
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
 p = strncpy (buffer, outval, buflen);
+
 while (isspace (*p)) p++; free (outval);
@@ -650,6 +659,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
 return NSS_STATUS_UNAVAIL; }
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
 saved_first = TRUE; saved_oldkey = ent->oldkey; saved_oldlen = ent->oldkeylen;
@@ -668,6 +684,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
 return NSS_STATUS_NOTFOUND; }
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
 saved_first = FALSE; saved_oldkey = ent->oldkey; saved_oldlen = ent->oldkeylen;
@@ -769,9 +792,13 @@ getpwnam_plususer (const char *name, struct passwd *result, char *buffer,
 &outval, &outvallen) != YPERR_SUCCESS) return NSS_STATUS_NOTFOUND;
- ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
- buflen : (size_t) outvallen);
- buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+ ptr = strncpy (buffer, outval, buflen);
 free (outval); while (isspace (*ptr)) ptr++;
@@ -1259,10 +1286,17 @@ getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
 *errnop = errno; return NSS_STATUS_TRYAGAIN; }
- ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
- buflen : (size_t) outvallen);
- buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+
+ if ( buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ ptr = strncpy (buffer, outval, buflen);
 free (outval);
+
 while (isspace (*ptr)) ptr++; parse_res = _nss_files_parse_pwent (ptr, result, data, buflen, errnop);
diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c
index 816e9c1f0a..1d4216393a 100644
--- a/nis/nss_compat/compat-spwd.c
+++ b/nis/nss_compat/compat-spwd.c
@@ -359,11 +359,18 @@ getspent_next_nis_netgr (const char *name, struct spwd *result, ent_t *ent,
 p2len = spwd_need_buflen (&ent->pwd); if (p2len > buflen) {
+ free (outval);
 *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } p2 = buffer + (buflen - p2len); buflen -= p2len;
+ if (buflen < ((size_t) outval + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
 p = strncpy (buffer, outval, buflen); while (isspace (*p)) p++;
@@ -601,6 +608,14 @@ getspent_next_nis (struct spwd *result, ent_t *ent,
 give_spwd_free (&ent->pwd); return NSS_STATUS_UNAVAIL; }
+
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
 saved_first = TRUE; saved_oldkey = ent->oldkey; saved_oldlen = ent->oldkeylen;
@@ -619,6 +634,13 @@ getspent_next_nis (struct spwd *result, ent_t *ent,
 return NSS_STATUS_NOTFOUND; }
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
 saved_first = FALSE; saved_oldkey = ent->oldkey; saved_oldlen = ent->oldkeylen;
@@ -720,9 +742,14 @@ getspnam_plususer (const char *name, struct spwd *result, char *buffer,
 &outval, &outvallen) != YPERR_SUCCESS) return NSS_STATUS_NOTFOUND;
- ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
- buflen : (size_t) outvallen);
- buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ ptr = strncpy (buffer, outval, buflen);
 free (outval); while (isspace (*ptr)) ptr++; |
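Review bot: The guard added in getspent_next_nis_netgr (compat-spwd.c, hunk at -359) reads `if (buflen < ((size_t) outval + 1))`, which casts the pointer outval, not the length outvallen, so buflen is compared against an address. On most platforms that address will exceed any realistic buffer size, so this path would presumably return ERANGE with NSS_STATUS_TRYAGAIN for every entry, and a caller that enlarges its buffer on TRYAGAIN may keep growing it without ever succeeding. Where the address happens to be small, the check does not bound the following `strncpy (buffer, outval, buflen)` by the data length at all. It should match the parallel check in compat-pwd.c at -406: `if (buflen < ((size_t) outvallen + 1))`.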