diff options
| author | Rich Felker <dalias@aerifal.cx> | 2015-03-15 23:46:22 -0400 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2015-03-15 23:46:22 -0400 |
| commit | 4b5ca13fb170314e0e0c37b304ca56171625afd1 (patch) | |
| tree | 2db732a3f15e781f81d1706a8b3d042869a04729 /src/passwd | |
| parent | 49d1e7f93129cdcc2ab0cc91832b8a29ccd1570d (diff) | |
| download | musl-4b5ca13fb170314e0e0c37b304ca56171625afd1.tar.gz musl-4b5ca13fb170314e0e0c37b304ca56171625afd1.tar.xz musl-4b5ca13fb170314e0e0c37b304ca56171625afd1.zip | |
avoid sending huge names as nscd passwd/group queries
overly long user/group names are potentially a DoS vector and source of other problems like partial writes by sendmsg, and not useful.
Diffstat (limited to 'src/passwd')
| -rw-r--r-- | src/passwd/nscd_query.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/passwd/nscd_query.c b/src/passwd/nscd_query.c index 55ccc0a8..69a7815e 100644 --- a/src/passwd/nscd_query.c +++ b/src/passwd/nscd_query.c @@ -4,6 +4,7 @@ #include <stdio.h> #include <string.h> #include <errno.h> +#include <limits.h> #include "nscd.h" static const struct { @@ -22,7 +23,7 @@ FILE *__nscd_query(int32_t req, const char *key, int32_t *buf, size_t len, int * int32_t req_buf[REQ_LEN] = { NSCDVERSION, req, - strlen(key)+1 + strnlen(key,LOGIN_NAME_MAX)+1 }; struct msghdr msg = { .msg_iov = (struct iovec[]){ @@ -45,7 +46,7 @@ retry: return 0; } - if (strlen(key) > INT32_MAX - 1) + if (req_buf[2] > LOGIN_NAME_MAX) return f; if (connect(fd, (struct sockaddr*)&addr, sizeof(addr)) < 0) { |