diff options
Diffstat (limited to 'nscd/nscd_getpw_r.c')
| -rw-r--r-- | nscd/nscd_getpw_r.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/nscd/nscd_getpw_r.c b/nscd/nscd_getpw_r.c index b04dcfaa99..fe5fb43ca1 100644 --- a/nscd/nscd_getpw_r.c +++ b/nscd/nscd_getpw_r.c @@ -66,14 +66,18 @@ __nscd_getpwuid_r (uid_t uid, struct passwd *resultbuf, char *buffer, } -libc_locked_map_ptr (map_handle); +libc_locked_map_ptr (static, map_handle); /* Note that we only free the structure if necessary. The memory mapping is not removed since it is not visible to the malloc handling. */ -libc_freeres_fn (gr_map_free) +libc_freeres_fn (pw_map_free) { if (map_handle.mapped != NO_MAPPING) - free (map_handle.mapped); + { + void *p = map_handle.mapped; + map_handle.mapped = NO_MAPPING; + free (p); + } } @@ -184,6 +188,18 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type, /* Copy the various strings. */ memcpy (resultbuf->pw_name, pw_name, total); + /* Try to detect corrupt databases. */ + if (resultbuf->pw_name[pw_resp->pw_name_len - 1] != '\0' + || resultbuf->pw_passwd[pw_resp->pw_passwd_len - 1] != '\0' + || resultbuf->pw_gecos[pw_resp->pw_gecos_len - 1] != '\0' + || resultbuf->pw_dir[pw_resp->pw_dir_len - 1] != '\0' + || resultbuf->pw_shell[pw_resp->pw_shell_len - 1] != '\0') + { + /* We cannot use the database. */ + retval = -1; + goto out_close; + } + *result = resultbuf; } } |