diff options
Diffstat (limited to 'nis/nss_compat')
-rw-r--r-- | nis/nss_compat/compat-grp.c | 45 | ||||
-rw-r--r-- | nis/nss_compat/compat-pwd.c | 48 | ||||
-rw-r--r-- | nis/nss_compat/compat-spwd.c | 33 |
3 files changed, 111 insertions, 15 deletions
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c index dab1b5e..ca5abc4 100644 --- a/nis/nss_compat/compat-grp.c +++ b/nis/nss_compat/compat-grp.c @@ -263,6 +263,14 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, ent->nis = 0; return NSS_STATUS_UNAVAIL; } + + if ( buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + save_oldkey = ent->oldkey; save_oldlen = ent->oldkeylen; save_nis_first = TRUE; @@ -280,6 +288,13 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, return NSS_STATUS_NOTFOUND; } + if ( buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + save_oldkey = ent->oldkey; save_oldlen = ent->oldkeylen; save_nis_first = FALSE; @@ -287,7 +302,7 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, ent->oldkeylen = outkeylen; } - /* Copy the found data to our buffer */ + /* Copy the found data to our buffer... */ p = strncpy (buffer, outval, buflen); /* ...and free the data. */ @@ -427,8 +442,17 @@ getgrnam_plusgroup (const char *name, struct group *result, char *buffer, &outval, &outvallen) != YPERR_SUCCESS) return NSS_STATUS_NOTFOUND; - p = strncpy (buffer, outval, - buflen < (size_t) outvallen ? buflen : (size_t) outvallen); + if (buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + + /* Copy the found data to our buffer... */ + p = strncpy (buffer, outval, buflen); + + /* ... and free the data. */ free (outval); while (isspace (*p)) ++p; @@ -758,9 +782,20 @@ getgrgid_plusgroup (gid_t gid, struct group *result, char *buffer, *errnop = errno; return NSS_STATUS_TRYAGAIN; } - p = strncpy (buffer, outval, - buflen < (size_t) outvallen ? buflen : (size_t) outvallen); + + if (buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + + /* Copy the found data to our buffer... */ + p = strncpy (buffer, outval, buflen); + + /* ... and free the data. */ free (outval); + while (isspace (*p)) p++; parse_res = _nss_files_parse_grent (p, result, data, buflen, errnop); diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c index 5bfff17..eec2634 100644 --- a/nis/nss_compat/compat-pwd.c +++ b/nis/nss_compat/compat-pwd.c @@ -393,7 +393,7 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent, if (domain != NULL && strcmp (ypdomain, domain) != 0) continue; - /* If name != NULL, we are called from getpwnam */ + /* If name != NULL, we are called from getpwnam. */ if (name != NULL) if (strcmp (user, name) != 0) continue; @@ -406,12 +406,21 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent, p2len = pwd_need_buflen (&ent->pwd); if (p2len > buflen) { + free (outval); *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } p2 = buffer + (buflen - p2len); buflen -= p2len; + + if (buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } p = strncpy (buffer, outval, buflen); + while (isspace (*p)) p++; free (outval); @@ -650,6 +659,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, return NSS_STATUS_UNAVAIL; } + if (buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + saved_first = TRUE; saved_oldkey = ent->oldkey; saved_oldlen = ent->oldkeylen; @@ -668,6 +684,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, return NSS_STATUS_NOTFOUND; } + if (buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + saved_first = FALSE; saved_oldkey = ent->oldkey; saved_oldlen = ent->oldkeylen; @@ -769,9 +792,13 @@ getpwnam_plususer (const char *name, struct passwd *result, char *buffer, &outval, &outvallen) != YPERR_SUCCESS) return NSS_STATUS_NOTFOUND; - ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ? - buflen : (size_t) outvallen); - buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0'; + if (buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + ptr = strncpy (buffer, outval, buflen); free (outval); while (isspace (*ptr)) ptr++; @@ -1259,10 +1286,17 @@ getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer, *errnop = errno; return NSS_STATUS_TRYAGAIN; } - ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ? - buflen : (size_t) outvallen); - buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0'; + + if ( buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + + ptr = strncpy (buffer, outval, buflen); free (outval); + while (isspace (*ptr)) ptr++; parse_res = _nss_files_parse_pwent (ptr, result, data, buflen, errnop); diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c index 816e9c1..1d42163 100644 --- a/nis/nss_compat/compat-spwd.c +++ b/nis/nss_compat/compat-spwd.c @@ -359,11 +359,18 @@ getspent_next_nis_netgr (const char *name, struct spwd *result, ent_t *ent, p2len = spwd_need_buflen (&ent->pwd); if (p2len > buflen) { + free (outval); *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } p2 = buffer + (buflen - p2len); buflen -= p2len; + if (buflen < ((size_t) outval + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } p = strncpy (buffer, outval, buflen); while (isspace (*p)) p++; @@ -601,6 +608,14 @@ getspent_next_nis (struct spwd *result, ent_t *ent, give_spwd_free (&ent->pwd); return NSS_STATUS_UNAVAIL; } + + if (buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + saved_first = TRUE; saved_oldkey = ent->oldkey; saved_oldlen = ent->oldkeylen; @@ -619,6 +634,13 @@ getspent_next_nis (struct spwd *result, ent_t *ent, return NSS_STATUS_NOTFOUND; } + if (buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + saved_first = FALSE; saved_oldkey = ent->oldkey; saved_oldlen = ent->oldkeylen; @@ -720,9 +742,14 @@ getspnam_plususer (const char *name, struct spwd *result, char *buffer, &outval, &outvallen) != YPERR_SUCCESS) return NSS_STATUS_NOTFOUND; - ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ? - buflen : (size_t) outvallen); - buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0'; + if (buflen < ((size_t) outvallen + 1)) + { + free (outval); + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + + ptr = strncpy (buffer, outval, buflen); free (outval); while (isspace (*ptr)) ptr++; |