author | Arthur de Jong <arthur@arthurdejong.org> | 2014-05-04 13:01:09 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2014-05-04 13:28:00 +0200 |
commit | 15fc13ce31cd6455d7c64089425da795da5d51d2 (patch) | |
tree | 1fbb0f99f89a9b05e012c66527e9892b47fbf93f | |
parent | f9878913604c197a214b78f26782efd245237dda (diff) |
Warn when binddn buffer is too small
-rw-r--r-- | nslcd/myldap.c | 18 | ||||
-rw-r--r-- | nslcd/myldap.h | 6 | ||||
-rw-r--r-- | nslcd/pam.c | 14 | ||||
-rw-r--r-- | nslcd/usermod.c | 5 |
4 files changed, 34 insertions, 9 deletions
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 9e0bc6e..8b97447 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -1031,14 +1031,30 @@ static int do_open(MYLDAP_SESSION *session)
 }
 /* Set alternative credentials for the session. */
-void myldap_set_credentials(MYLDAP_SESSION *session, const char *dn,
+int myldap_set_credentials(MYLDAP_SESSION *session, const char *dn,
 const char *password)
 {
+ /* error out when buffers are too small */
+ if (strlen(dn) >= sizeof(session->binddn))
+ {
+ log_log(LOG_ERR,
+ "myldap_set_credentials(): binddn buffer too small (%d required)",
+ strlen(dn));
+ return -1;
+ }
+ if (strlen(password) >= sizeof(session->bindpw))
+ {
+ log_log(LOG_ERR,
+ "myldap_set_credentials(): bindpw buffer too small (%d required)",
+ strlen(password));
+ return -1;
+ }
 /* copy dn and password into session */
 strncpy(session->binddn, dn, sizeof(session->binddn));
 session->binddn[sizeof(session->binddn) - 1] = '\0';
 strncpy(session->bindpw, password, sizeof(session->bindpw));
 session->bindpw[sizeof(session->bindpw) - 1] = '\0';
+ return 0;
 }
 /* Get bind ppolicy results from the last bind operation. This function
diff --git a/nslcd/myldap.h b/nslcd/myldap.h
index c7358af..e54ae52 100644
--- a/nslcd/myldap.h
+++ b/nslcd/myldap.h
@@ -68,9 +68,9 @@ typedef struct myldap_entry MYLDAP_ENTRY;
 uses the configuration to find the URLs to attempt connections to. */
 MUST_USE MYLDAP_SESSION *myldap_create_session(void);
-/* Set alternative credentials for the session. */
-void myldap_set_credentials(MYLDAP_SESSION *session, const char *dn,
- const char *password);
+/* Set alternative credentials for the session. Returns 0 on success. */
+MUST_USE int myldap_set_credentials(MYLDAP_SESSION *session, const char *dn,
+ const char *password);
 /* Get bind ppolicy results from the last bind operation. This function
 returns a NSLCD_PAM_* code and optional message. */
diff --git a/nslcd/pam.c b/nslcd/pam.c
index c194225..7bedcee 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
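Review bot: Both new log_log() calls in myldap_set_credentials() (nslcd/myldap.c) pass the size_t result of strlen() to a `%d` conversion, which is a format/argument mismatch and undefined behaviour wherever size_t is wider than int. Cast the argument to match the conversion, for example `"... binddn buffer too small (%lu required)", (unsigned long)strlen(dn)`, and the same for the bindpw message. The bindpw message also writes the length of the supplied password to the log at LOG_ERR; a fixed message without the length would report the condition without recording anything about the secret. Neither `dn` nor `password` is checked for NULL before strlen(); whether callers can pass NULL is not visible in this hunk.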
@@ -2,7 +2,7 @@
 pam.c - pam processing routines
 Copyright (C) 2009 Howard Chu
- Copyright (C) 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+ Copyright (C) 2009-2014 Arthur de Jong
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
@@ -55,7 +55,11 @@ static int try_bind(const char *userdn, const char *password,
 if (session == NULL)
 return LDAP_UNAVAILABLE;
 /* set up credentials for the session */
- myldap_set_credentials(session, userdn, password);
+ if (myldap_set_credentials(session, userdn, password))
+ {
+ myldap_session_close(session);
+ return LDAP_LOCAL_ERROR;
+ }
 /* perform search for own object (just to do any kind of search) */
 attrs[0] = "dn";
 attrs[1] = NULL;
@@ -686,7 +690,11 @@ static int try_pwmod(MYLDAP_SESSION *oldsession,
 if (session == NULL)
 return LDAP_UNAVAILABLE;
 /* set up credentials for the session */
- myldap_set_credentials(session, binddn, oldpassword);
+ if (myldap_set_credentials(session, userdn, oldpassword))
+ {
+ myldap_session_close(session);
+ return LDAP_LOCAL_ERROR;
+ }
 /* perform search for own object (just to do any kind of search) */
 if ((lookup_dn2uid(session, userdn, &rc, buffer, sizeof(buffer)) != NULL) &&
 (rc == LDAP_SUCCESS))
diff --git a/nslcd/usermod.c b/nslcd/usermod.c
index f7b22c5..e0de4d4 100644
--- a/nslcd/usermod.c
+++ b/nslcd/usermod.c
@@ -2,7 +2,7 @@
 usermod.c - routines for changing user information such as full name, login shell, etc
- Copyright (C) 2013 Arthur de Jong
+ Copyright (C) 2013-2014 Arthur de Jong
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
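Review bot: The rewritten call in try_pwmod() (nslcd/pam.c, hunk at -686) passes `userdn` where the removed line passed `binddn`, so the new session now binds as a different identity than before. The commit message only mentions the buffer-size warning, so this looks like an unintended edit. If callers of try_pwmod() ever supply a bind DN that differs from the user's DN (not visible here), password changes would be attempted under the wrong identity. Unless the change is deliberate, keep the original argument: `if (myldap_set_credentials(session, binddn, oldpassword))`. try_pwmod's body starts and ends outside the hunk.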
@@ -117,7 +117,8 @@ static MYLDAP_SESSION *get_session(const char *binddn, const char *userdn,
 return NULL;
 }
 /* set up credentials for the session */
- myldap_set_credentials(session, binddn, password);
+ if (myldap_set_credentials(session, binddn, password))
+ return NULL;
 /* perform search for own object (just to do any kind of search to set up the connection with fail-over) */
 if ((lookup_dn2uid(session, userdn, rcp, buffer, sizeof(buffer)) == NULL) || |
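Review bot: The new early return in get_session() (nslcd/usermod.c) hands back NULL without releasing the session, whereas both pam.c call sites changed in this commit call myldap_session_close(session) before returning. Unless the session is freed elsewhere, each oversized DN or password leaks one. The path also stores nothing through `rcp`, so a caller that inspects the result code after a NULL return may read a stale value; how the earlier `return NULL` branch handles this is only partly visible. A version consistent with pam.c would be `{ myldap_session_close(session); *rcp = LDAP_LOCAL_ERROR; return NULL; }`, assuming `rcp` is the int pointer it appears to be from the lookup_dn2uid() call. get_session's body starts and ends outside the hunk.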