diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2012-01-06 13:56:34 -0500 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-01-14 11:53:29 -0500 |
| commit | 22c7230dc0c8d41a189eb758be78991d183de1f7 (patch) | |
| tree | 9b5bb11dcf31e98d104071dbb0b5042708ca1040 /src | |
| parent | 394f8a24f5794bced737cfb743fe038fb4d0f4a6 (diff) | |
| download | sssd-22c7230dc0c8d41a189eb758be78991d183de1f7.tar.gz sssd-22c7230dc0c8d41a189eb758be78991d183de1f7.tar.xz sssd-22c7230dc0c8d41a189eb758be78991d183de1f7.zip | |
NSS: Validate input string lengths
Also fixes a return value bug where we were returning errno error
codes instead of nss_status codes.
Fixes https://fedorahosted.org/sssd/ticket/1135
Diffstat (limited to 'src')
| -rw-r--r-- | src/sss_client/nss_group.c | 15 | ||||
| -rw-r--r-- | src/sss_client/nss_netgroup.c | 4 | ||||
| -rw-r--r-- | src/sss_client/nss_passwd.c | 15 | ||||
| -rw-r--r-- | src/sss_client/sss_cli.h | 7 |
4 files changed, 32 insertions, 9 deletions
diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c index 9e308c929..f5e715c86 100644 --- a/src/sss_client/nss_group.c +++ b/src/sss_client/nss_group.c @@ -254,14 +254,23 @@ enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, struct sss_cli_req_data rd; struct sss_nss_gr_rep grrep; uint8_t *repbuf; - size_t replen, len; + size_t replen, len, name_len; enum nss_status nret; int ret; /* Caught once glibc passing in buffer == 0x0 */ - if (!buffer || !buflen) return ERANGE; + if (!buffer || !buflen) { + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + + ret = sss_strnlen(name, SSS_NAME_MAX, &name_len); + if (ret != 0) { + *errnop = EINVAL; + return NSS_STATUS_NOTFOUND; + } - rd.len = strlen(name) + 1; + rd.len = name_len + 1; rd.data = name; sss_nss_lock(); diff --git a/src/sss_client/nss_netgroup.c b/src/sss_client/nss_netgroup.c index 2d1acc5df..f63b11359 100644 --- a/src/sss_client/nss_netgroup.c +++ b/src/sss_client/nss_netgroup.c @@ -33,8 +33,6 @@ #include "sss_cli.h" #include "nss_compat.h" -#define MAX_NETGR_NAME_LENGTH 2048 - #define CLEAR_NETGRENT_DATA(netgrent) do { \ free(netgrent->data); \ netgrent->data = NULL; \ @@ -201,7 +199,7 @@ enum nss_status _nss_sss_setnetgrent(const char *netgroup, /* make sure we do not have leftovers, and release memory */ CLEAR_NETGRENT_DATA(result); - ret = sss_strnlen(netgroup, MAX_NETGR_NAME_LENGTH, &name_len); + ret = sss_strnlen(netgroup, SSS_NAME_MAX, &name_len); if (ret != 0) { nret = NSS_STATUS_NOTFOUND; goto out; diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c index 31b9a7949..15de59728 100644 --- a/src/sss_client/nss_passwd.c +++ b/src/sss_client/nss_passwd.c @@ -179,14 +179,23 @@ enum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result, struct sss_cli_req_data rd; struct sss_nss_pw_rep pwrep; uint8_t *repbuf; - size_t replen, len; + size_t replen, len, name_len; enum nss_status nret; int ret; /* Caught once glibc passing in buffer == 0x0 */ - if (!buffer || !buflen) return ERANGE; + if (!buffer || !buflen) { + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + + ret = sss_strnlen(name, SSS_NAME_MAX, &name_len); + if (ret != 0) { + *errnop = EINVAL; + return NSS_STATUS_NOTFOUND; + } - rd.len = strlen(name) + 1; + rd.len = name_len + 1; rd.data = name; sss_nss_lock(); diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h index f9bbda98e..dc15ac13b 100644 --- a/src/sss_client/sss_cli.h +++ b/src/sss_client/sss_cli.h @@ -29,6 +29,7 @@ #include <pwd.h> #include <grp.h> #include <string.h> +#include <limits.h> #ifndef HAVE_ERRNO_T #define HAVE_ERRNO_T @@ -39,6 +40,12 @@ typedef int errno_t; #define SSS_PAM_PROTOCOL_VERSION 3 #define SSS_SUDO_PROTOCOL_VERSION 0 +#ifdef LOGIN_NAME_MAX +#define SSS_NAME_MAX LOGIN_NAME_MAX +#else +#define SSS_NAME_MAX 256 +#endif + /** * @defgroup sss_cli_command SSS client commands * @{ |