summaryrefslogtreecommitdiff
path: root/nis
diff options
context:
space:
mode:
Diffstat (limited to 'nis')
-rw-r--r--nis/nis_cache.c2
-rw-r--r--nis/nss_compat/compat-grp.c45
-rw-r--r--nis/nss_compat/compat-pwd.c48
-rw-r--r--nis/nss_compat/compat-spwd.c33
4 files changed, 113 insertions, 15 deletions
diff --git a/nis/nis_cache.c b/nis/nis_cache.c
index a0e1130077..26cac675a5 100644
--- a/nis/nis_cache.c
+++ b/nis/nis_cache.c
@@ -17,6 +17,8 @@
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA. */
+#include <string.h>
+#include <unistd.h>
#include <rpcsvc/nis.h>
#include "nis_intern.h"
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c
index dab1b5e566..ca5abc4d2c 100644
--- a/nis/nss_compat/compat-grp.c
+++ b/nis/nss_compat/compat-grp.c
@@ -263,6 +263,14 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
ent->nis = 0;
return NSS_STATUS_UNAVAIL;
}
+
+ if ( buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
save_oldkey = ent->oldkey;
save_oldlen = ent->oldkeylen;
save_nis_first = TRUE;
@@ -280,6 +288,13 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
return NSS_STATUS_NOTFOUND;
}
+ if ( buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
save_oldkey = ent->oldkey;
save_oldlen = ent->oldkeylen;
save_nis_first = FALSE;
@@ -287,7 +302,7 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
ent->oldkeylen = outkeylen;
}
- /* Copy the found data to our buffer */
+ /* Copy the found data to our buffer... */
p = strncpy (buffer, outval, buflen);
/* ...and free the data. */
@@ -427,8 +442,17 @@ getgrnam_plusgroup (const char *name, struct group *result, char *buffer,
&outval, &outvallen) != YPERR_SUCCESS)
return NSS_STATUS_NOTFOUND;
- p = strncpy (buffer, outval,
- buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* Copy the found data to our buffer... */
+ p = strncpy (buffer, outval, buflen);
+
+ /* ... and free the data. */
free (outval);
while (isspace (*p))
++p;
@@ -758,9 +782,20 @@ getgrgid_plusgroup (gid_t gid, struct group *result, char *buffer,
*errnop = errno;
return NSS_STATUS_TRYAGAIN;
}
- p = strncpy (buffer, outval,
- buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* Copy the found data to our buffer... */
+ p = strncpy (buffer, outval, buflen);
+
+ /* ... and free the data. */
free (outval);
+
while (isspace (*p))
p++;
parse_res = _nss_files_parse_grent (p, result, data, buflen, errnop);
diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c
index 5bfff17ca5..eec2634f3a 100644
--- a/nis/nss_compat/compat-pwd.c
+++ b/nis/nss_compat/compat-pwd.c
@@ -393,7 +393,7 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
if (domain != NULL && strcmp (ypdomain, domain) != 0)
continue;
- /* If name != NULL, we are called from getpwnam */
+ /* If name != NULL, we are called from getpwnam. */
if (name != NULL)
if (strcmp (user, name) != 0)
continue;
@@ -406,12 +406,21 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
p2len = pwd_need_buflen (&ent->pwd);
if (p2len > buflen)
{
+ free (outval);
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
p2 = buffer + (buflen - p2len);
buflen -= p2len;
+
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
p = strncpy (buffer, outval, buflen);
+
while (isspace (*p))
p++;
free (outval);
@@ -650,6 +659,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
return NSS_STATUS_UNAVAIL;
}
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
saved_first = TRUE;
saved_oldkey = ent->oldkey;
saved_oldlen = ent->oldkeylen;
@@ -668,6 +684,13 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
return NSS_STATUS_NOTFOUND;
}
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
saved_first = FALSE;
saved_oldkey = ent->oldkey;
saved_oldlen = ent->oldkeylen;
@@ -769,9 +792,13 @@ getpwnam_plususer (const char *name, struct passwd *result, char *buffer,
&outval, &outvallen) != YPERR_SUCCESS)
return NSS_STATUS_NOTFOUND;
- ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
- buflen : (size_t) outvallen);
- buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+ ptr = strncpy (buffer, outval, buflen);
free (outval);
while (isspace (*ptr))
ptr++;
@@ -1259,10 +1286,17 @@ getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
*errnop = errno;
return NSS_STATUS_TRYAGAIN;
}
- ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
- buflen : (size_t) outvallen);
- buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+
+ if ( buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ ptr = strncpy (buffer, outval, buflen);
free (outval);
+
while (isspace (*ptr))
ptr++;
parse_res = _nss_files_parse_pwent (ptr, result, data, buflen, errnop);
diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c
index 816e9c1f0a..1d4216393a 100644
--- a/nis/nss_compat/compat-spwd.c
+++ b/nis/nss_compat/compat-spwd.c
@@ -359,11 +359,18 @@ getspent_next_nis_netgr (const char *name, struct spwd *result, ent_t *ent,
p2len = spwd_need_buflen (&ent->pwd);
if (p2len > buflen)
{
+ free (outval);
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
p2 = buffer + (buflen - p2len);
buflen -= p2len;
+ if (buflen < ((size_t) outval + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
p = strncpy (buffer, outval, buflen);
while (isspace (*p))
p++;
@@ -601,6 +608,14 @@ getspent_next_nis (struct spwd *result, ent_t *ent,
give_spwd_free (&ent->pwd);
return NSS_STATUS_UNAVAIL;
}
+
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
saved_first = TRUE;
saved_oldkey = ent->oldkey;
saved_oldlen = ent->oldkeylen;
@@ -619,6 +634,13 @@ getspent_next_nis (struct spwd *result, ent_t *ent,
return NSS_STATUS_NOTFOUND;
}
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
saved_first = FALSE;
saved_oldkey = ent->oldkey;
saved_oldlen = ent->oldkeylen;
@@ -720,9 +742,14 @@ getspnam_plususer (const char *name, struct spwd *result, char *buffer,
&outval, &outvallen) != YPERR_SUCCESS)
return NSS_STATUS_NOTFOUND;
- ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
- buflen : (size_t) outvallen);
- buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ if (buflen < ((size_t) outvallen + 1))
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ ptr = strncpy (buffer, outval, buflen);
free (outval);
while (isspace (*ptr))
ptr++;
View Lorry Controller Status