diff options
Diffstat (limited to 'extra/cifs-utils/0004-cifscreds-better-error-handling-when-key_search-fail.patch')
| -rw-r--r-- | extra/cifs-utils/0004-cifscreds-better-error-handling-when-key_search-fail.patch | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/extra/cifs-utils/0004-cifscreds-better-error-handling-when-key_search-fail.patch b/extra/cifs-utils/0004-cifscreds-better-error-handling-when-key_search-fail.patch new file mode 100644 index 000000000..cf57eea7b --- /dev/null +++ b/extra/cifs-utils/0004-cifscreds-better-error-handling-when-key_search-fail.patch @@ -0,0 +1,85 @@ +From 3da4c43b575498be86c87a2ac3f3142e3cab1c59 Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlayton@samba.org> +Date: Sun, 20 Apr 2014 20:41:05 -0400 +Subject: [PATCH] cifscreds: better error handling when key_search fails + +If we ended up getting a bogus string that would have overflowed, then +make key_search set errno to EINVAL before returning. The callers can +then test to see if the returned error is what was expected or something +else and handle it appropriately. + +Cc: Sebastian Krahmer <krahmer@suse.de> +Signed-off-by: Jeff Layton <jlayton@samba.org> +--- + cifscreds.c | 9 +++++++++ + cifskey.c | 5 ++++- + pam_cifscreds.c | 9 +++++++++ + 3 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/cifscreds.c b/cifscreds.c +index fa05dc8..64d55b0 100644 +--- a/cifscreds.c ++++ b/cifscreds.c +@@ -188,6 +188,15 @@ static int cifscreds_add(struct cmdarg *arg) + return EXIT_FAILURE; + } + ++ switch(errno) { ++ case ENOKEY: ++ /* success */ ++ break; ++ default: ++ printf("Key search failed: %s\n", strerror(errno)); ++ return EXIT_FAILURE; ++ } ++ + currentaddress = nextaddress; + if (currentaddress) { + *(currentaddress - 1) = ','; +diff --git a/cifskey.c b/cifskey.c +index e89cacf..4f01ed0 100644 +--- a/cifskey.c ++++ b/cifskey.c +@@ -20,6 +20,7 @@ + #include <sys/types.h> + #include <keyutils.h> + #include <stdio.h> ++#include <errno.h> + #include "cifskey.h" + #include "resolve_host.h" + +@@ -29,8 +30,10 @@ key_search(const char *addr, char keytype) + { + char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; + +- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) ++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { ++ errno = EINVAL; + return -1; ++ } + + return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); + } +diff --git a/pam_cifscreds.c b/pam_cifscreds.c +index e0d8a55..fb23117 100644 +--- a/pam_cifscreds.c ++++ b/pam_cifscreds.c +@@ -206,6 +206,15 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas + return PAM_SERVICE_ERR; + } + ++ switch(errno) { ++ case ENOKEY: ++ break; ++ default: ++ pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", ++ currentaddress, strerror(errno)); ++ return PAM_SERVICE_ERR; ++ } ++ + currentaddress = nextaddress; + if (currentaddress) { + *(currentaddress - 1) = ','; +-- +1.8.4.2 + |