NSS: Validate input string lengths

Also fixes a return value bug where we were returning errno error
codes instead of nss_status codes.

Fixes https://fedorahosted.org/sssd/ticket/1135

1 files changed, 12 insertions, 3 deletions

diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c
index 31b9a794..15de5972 100644
--- a/src/sss_client/nss_passwd.c
+++ b/src/sss_client/nss_passwd.c
@@ -179,14 +179,23 @@ enum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result,
     struct sss_cli_req_data rd;
     struct sss_nss_pw_rep pwrep;
     uint8_t *repbuf;
-    size_t replen, len;
+    size_t replen, len, name_len;
     enum nss_status nret;
     int ret;
 
     /* Caught once glibc passing in buffer == 0x0 */
-    if (!buffer || !buflen) return ERANGE;
+    if (!buffer || !buflen) {
+        *errnop = ERANGE;
+        return NSS_STATUS_TRYAGAIN;
+    }
+
+    ret = sss_strnlen(name, SSS_NAME_MAX, &name_len);
+    if (ret != 0) {
+        *errnop = EINVAL;
+        return NSS_STATUS_NOTFOUND;
+    }
 
-    rd.len = strlen(name) + 1;
+    rd.len = name_len + 1;
     rd.data = name;
 
     sss_nss_lock();