diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2009-05-09 19:53:29 +0000 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2009-05-09 19:53:29 +0000 |
| commit | 8caecb85a37332cf6800ec84b1f08c216afac230 (patch) | |
| tree | bf80be6ef80e0b5e861aa7d1d56257c7db55dc9d | |
| parent | 46655b2812759dd523babe0816d5a1f488b33406 (diff) | |
check the buffer passed by Glibc for validity
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@878 ef36b2f9-881f-0410-afb5-c4e39611909c
| -rw-r--r-- | nss/common.h | 24 | ||||
| -rw-r--r-- | nss/group.c | 9 |
2 files changed, 26 insertions, 7 deletions
diff --git a/nss/common.h b/nss/common.h index 29a52f5..377903b 100644 --- a/nss/common.h +++ b/nss/common.h @@ -2,7 +2,7 @@ common.h - common functions for NSS lookups Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2008 Arthur de Jong + Copyright (C) 2006, 2007, 2008, 2009 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -120,6 +120,12 @@ TFILE *nslcd_client_open(void) TFILE *fp; \ int32_t tmpint32; \ enum nss_status retv; \ + /* check that we have a valid buffer */ \ + if ((buffer==NULL)||(buflen<=0)) \ + { \ + *errnop=EINVAL; \ + return NSS_STATUS_UNAVAIL; \ + } \ /* open socket and write request */ \ OPEN_SOCK(fp); \ WRITE_REQUEST(fp,action); \ @@ -150,9 +156,8 @@ TFILE *nslcd_client_open(void) #define NSS_BYINT32(action,val,readfn) \ NSS_BYGEN(action,WRITE_INT32(fp,val),readfn) -/* This macro generates a simple setent() function body. A stream - is opened, a request is written and a check is done for - a response header. */ +/* This macro generates a simple setent() function body. This closes any + open streams so that NSS_GETENT() can open a new file. */ #define NSS_SETENT(fp) \ if (fp!=NULL) \ { \ @@ -161,11 +166,18 @@ TFILE *nslcd_client_open(void) } \ return NSS_STATUS_SUCCESS; -/* This macro generates a getent() function body. A single entry - is read with the readfn() function. */ +/* This macro generates a getent() function body. If the stream is not yet + open, a new one is opened, a request is written and a check is done for + a response header. A single entry is read with the readfn() function. */ #define NSS_GETENT(fp,action,readfn) \ int32_t tmpint32; \ enum nss_status retv; \ + /* check that we have a valid buffer */ \ + if ((buffer==NULL)||(buflen<=0)) \ + { \ + *errnop=EINVAL; \ + return NSS_STATUS_UNAVAIL; \ + } \ /* check that we have a valid file descriptor */ \ if (fp==NULL) \ { \ diff --git a/nss/group.c b/nss/group.c index 33774ff..4fe0123 100644 --- a/nss/group.c +++ b/nss/group.c @@ -2,7 +2,7 @@ group.c - NSS lookup functions for group database Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2008 Arthur de Jong + Copyright (C) 2006, 2007, 2008, 2009 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -130,9 +130,16 @@ enum nss_status _nss_ldap_initgroups_dyn( const char *user,gid_t skipgroup,long int *start, long int *size,gid_t **groupsp,long int limit,int *errnop) { +/* temporarily map the buffer and buflen names so the check in NSS_BYNAME + for validity of the buffer works (renaming the parameters may cause + confusion) */ +#define buffer groupsp +#define buflen limit NSS_BYNAME(NSLCD_ACTION_GROUP_BYMEMBER, user, read_gids(fp,skipgroup,start,size,groupsp,limit,errnop)); +#undef buffer +#undef buflen } /* thread-local file pointer to an ongoing request */ |