diff options
| author | neilbrown <neilbrown> | 2006-04-10 09:57:17 +0000 |
|---|---|---|
| committer | neilbrown <neilbrown> | 2006-04-10 09:57:17 +0000 |
| commit | 660809fe7e597520d17deab9225f1b371c08d65c (patch) | |
| tree | b0da1b809f0f3ca6fac54b662486440998f9cea3 /utils/idmapd | |
| parent | aa2d7a1e352a6c2190452ebc3c638b66a2cf6f9b (diff) | |
| download | nfs-utils-660809fe7e597520d17deab9225f1b371c08d65c.tar.gz nfs-utils-660809fe7e597520d17deab9225f1b371c08d65c.tar.xz nfs-utils-660809fe7e597520d17deab9225f1b371c08d65c.zip | |
2006-04-10 NeilBrown <neilb@suse.de>
Various paranoia checks:
gssd_proc.c: pass max_field sizes to sscanf to avoid buffer
overflow
svcgssd_proc.c: range_check name.length, to ensure name.length+1
doesn't wrap
idmapd.c(nfsdcb): make sure at least one byte is read before
zeroing the last byte that was read, otherwise memory corruption
is possible.
Found by SuSE security audit.
Diffstat (limited to 'utils/idmapd')
| -rw-r--r-- | utils/idmapd/idmapd.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c index 5712edb..158feaf 100644 --- a/utils/idmapd/idmapd.c +++ b/utils/idmapd/idmapd.c @@ -547,9 +547,10 @@ nfsdcb(int fd, short which, void *data) if (which != EV_READ) goto out; - if ((len = read(ic->ic_fd, buf, sizeof(buf))) == -1) { + if ((len = read(ic->ic_fd, buf, sizeof(buf))) <= 0) { idmapd_warnx("nfsdcb: read(%s) failed: errno %d (%s)", - ic->ic_path, errno, strerror(errno)); + ic->ic_path, len?errno:0, + len?strerror(errno):"End of File"); goto out; } |