aboutsummaryrefslogtreecommitdiff
path: root/nis/nss_compat
diff options
context:
space:
mode:
Diffstat (limited to 'nis/nss_compat')
-rw-r--r--nis/nss_compat/compat-grp.c45
-rw-r--r--nis/nss_compat/compat-pwd.c48
-rw-r--r--nis/nss_compat/compat-spwd.c33
3 files changed, 111 insertions, 15 deletions
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c
index dab1b5e..ca5abc4 100644
--- a/nis/nss_compat/compat-grp.c
+++ b/nis/nss_compat/compat-grp.c
@@ -263,6 +263,14 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
ent->nis = 0;
return NSS_STATUS_UNAVAIL;
}
+
+ if ( buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
save_oldkey = ent->oldkey;
save_oldlen = ent->oldkeylen;
save_nis_first = TRUE;
@@ -280,6 +288,13 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
return NSS_STATUS_NOTFOUND;
}
+ if ( buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
save_oldkey = ent->oldkey;
save_oldlen = ent->oldkeylen;
save_nis_first = FALSE;
@@ -287,7 +302,7 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
ent->oldkeylen = outkeylen;
}
- /* Copy the found data to our buffer */
+ /* Copy the found data to our buffer... */
p = strncpy (buffer, outval, buflen);
/* ...and free the data. */
@@ -427,8 +442,17 @@ getgrnam_plusgroup (const char *name, struct group *result, char *buffer,
&outval, &outvallen) != YPERR_SUCCESS)
return NSS_STATUS_NOTFOUND;
- p = strncpy (buffer, outval,
- buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* Copy the found data to our buffer... */
+ p = strncpy (buffer, outval, buflen);
+
+ /* ... and free the data. */
free (outval);
while (isspace (*p))
++p;
@@ -758,9 +782,20 @@ getgrgid_plusgroup (gid_t gid, struct group *result, char *buffer,
*errnop = errno;
return NSS_STATUS_TRYAGAIN;
}
- p = strncpy (buffer, outval,
- buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* Copy the found data to our buffer... */
+ p = strncpy (buffer, outval, buflen);
+
+ /* ... and free the data. */
free (outval);
+
while (isspace (*p))
p++;
parse_res = _nss_files_parse_grent (p, result, data, buflen, errnop);
diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c
index 5bfff17..eec2634 100644
--- a/nis/nss_compat/compat-pwd.c
+++ b/nis/nss_compat/compat-pwd.c
@@ -393,7 +393,7 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
if (domain != NULL && strcmp (ypdomain, domain) != 0)
continue;
- /* If name != NULL, we are called from getpwnam */
+ /* If name != NULL, we are called from getpwnam. */
if (name != NULL)
if (strcmp (user, name) != 0)
continue;
@@ -406,12 +406,21 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
p2len = pwd_need_buflen (&ent->pwd);
if (p2len > buflen)
{
+ free (outval);
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
p2 = buffer + (buflen - p2len);
buflen -= p2len;
+
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
p = strncpy (buffer, outval, buflen);
+
while (isspace (*p))
p++;
free (outval);
@@ -650,6 +659,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
return NSS_STATUS_UNAVAIL;
}
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
saved_first = TRUE;
saved_oldkey = ent->oldkey;
saved_oldlen = ent->oldkeylen;
@@ -668,6 +684,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
return NSS_STATUS_NOTFOUND;
}
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
saved_first = FALSE;
saved_oldkey = ent->oldkey;
saved_oldlen = ent->oldkeylen;
@@ -769,9 +792,13 @@ getpwnam_plususer (const char *name, struct passwd *result, char *buffer,
&outval, &outvallen) != YPERR_SUCCESS)
return NSS_STATUS_NOTFOUND;
- ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
- buflen : (size_t) outvallen);
- buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+ ptr = strncpy (buffer, outval, buflen);
free (outval);
while (isspace (*ptr))
ptr++;
@@ -1259,10 +1286,17 @@ getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
*errnop = errno;
return NSS_STATUS_TRYAGAIN;
}
- ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
- buflen : (size_t) outvallen);
- buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+
+ if ( buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ ptr = strncpy (buffer, outval, buflen);
free (outval);
+
while (isspace (*ptr))
ptr++;
parse_res = _nss_files_parse_pwent (ptr, result, data, buflen, errnop);
diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c
index 816e9c1..1d42163 100644
--- a/nis/nss_compat/compat-spwd.c
+++ b/nis/nss_compat/compat-spwd.c
@@ -359,11 +359,18 @@ getspent_next_nis_netgr (const char *name, struct spwd *result, ent_t *ent,
p2len = spwd_need_buflen (&ent->pwd);
if (p2len > buflen)
{
+ free (outval);
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
p2 = buffer + (buflen - p2len);
buflen -= p2len;
+ if (buflen < ((size_t) outval + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
p = strncpy (buffer, outval, buflen);
while (isspace (*p))
p++;
@@ -601,6 +608,14 @@ getspent_next_nis (struct spwd *result, ent_t *ent,
give_spwd_free (&ent->pwd);
return NSS_STATUS_UNAVAIL;
}
+
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
saved_first = TRUE;
saved_oldkey = ent->oldkey;
saved_oldlen = ent->oldkeylen;
@@ -619,6 +634,13 @@ getspent_next_nis (struct spwd *result, ent_t *ent,
return NSS_STATUS_NOTFOUND;
}
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
saved_first = FALSE;
saved_oldkey = ent->oldkey;
saved_oldlen = ent->oldkeylen;
@@ -720,9 +742,14 @@ getspnam_plususer (const char *name, struct spwd *result, char *buffer,
&outval, &outvallen) != YPERR_SUCCESS)
return NSS_STATUS_NOTFOUND;
- ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
- buflen : (size_t) outvallen);
- buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ ptr = strncpy (buffer, outval, buflen);
free (outval);
while (isspace (*ptr))
ptr++;