diff options
author | Stef Walter <stefw@redhat.com> | 2014-01-07 14:49:01 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-01-12 15:24:26 +0100 |
commit | c86904baad32fbf9e66bf1cdc667aa5e683b48ba (patch) | |
tree | f2582020bb75518f4f18942f0e555b2848eb1dd6 /src/util/util.h | |
parent | b9d8c6172e48a2633ebe196b2e88bebdf9523c20 (diff) | |
download | sssd-c86904baad32fbf9e66bf1cdc667aa5e683b48ba.tar.gz sssd-c86904baad32fbf9e66bf1cdc667aa5e683b48ba.tar.xz sssd-c86904baad32fbf9e66bf1cdc667aa5e683b48ba.zip |
NSS: Don't use printf(3) on user provided strings.
This also fixes several corner cases and crashers.
It's not prudent to pass user input to (even admin) input as a
format string to printf, and various distros now check for this.
This can cause accessing memory incorrectly, and various also
various libc abort()'s.
In addition various assumptions were made about full_name_format
that aren't necessarily the case if the user uses a more complex
format.
Use safe-printf.c implementation for formatting full_name_format.
Adapt the NSS resolver so it doesn't barf on formatted strings that
are shorter than expected given a full_name_format.
Tests added and updated appropriately.
Diffstat (limited to 'src/util/util.h')
-rw-r--r-- | src/util/util.h | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/src/util/util.h b/src/util/util.h index 101270571..4a9dbb75f 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -324,14 +324,9 @@ char *get_username_from_uid(TALLOC_CTX *mem_ctx, uid_t uid); char *get_uppercase_realm(TALLOC_CTX *memctx, const char *name); -#define FQ_FMT_NAME 0x01 -#define FQ_FMT_DOMAIN 0x02 -#define FQ_FMT_FLAT_NAME 0x04 - struct sss_names_ctx { char *re_pattern; char *fq_fmt; - uint8_t fq_flags; pcre *re; }; @@ -384,15 +379,14 @@ sss_tc_fqname2(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx, /* Return fully-qualified name formatted according to the fq_fmt. The buffer in "str" is * "size" bytes long. Returns the number of bytes written on success or a negative * value of failure. + * + * Pass a zero size to calculate the length that would be needed by the fully-qualified + * name. */ int sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx, struct sss_domain_info *domain, const char *name); -size_t -sss_fqdom_len(struct sss_names_ctx *nctx, - struct sss_domain_info *domain); - /* Subdomains use fully qualified names in the cache while primary domains use * just the name. Return either of these for a specified domain or subdomain */ |