From 22c7230dc0c8d41a189eb758be78991d183de1f7 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 6 Jan 2012 13:56:34 -0500
Subject: NSS: Validate input string lengths

Also fixes a return value bug where we were returning errno error
codes instead of nss_status codes.

Fixes https://fedorahosted.org/sssd/ticket/1135
---
 src/sss_client/nss_group.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'src/sss_client/nss_group.c')

diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c
index 9e308c929..f5e715c86 100644
--- a/src/sss_client/nss_group.c
+++ b/src/sss_client/nss_group.c
@@ -254,14 +254,23 @@ enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result,
     struct sss_cli_req_data rd;
     struct sss_nss_gr_rep grrep;
     uint8_t *repbuf;
-    size_t replen, len;
+    size_t replen, len, name_len;
     enum nss_status nret;
     int ret;
 
     /* Caught once glibc passing in buffer == 0x0 */
-    if (!buffer || !buflen) return ERANGE;
+    if (!buffer || !buflen) {
+        *errnop = ERANGE;
+        return NSS_STATUS_TRYAGAIN;
+    }
+
+    ret = sss_strnlen(name, SSS_NAME_MAX, &name_len);
+    if (ret != 0) {
+        *errnop = EINVAL;
+        return NSS_STATUS_NOTFOUND;
+    }
 
-    rd.len = strlen(name) + 1;
+    rd.len = name_len + 1;
     rd.data = name;
 
     sss_nss_lock();
-- 
cgit