summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Schwenke <martin@meltin.net>2020-06-09 11:52:50 +1000
committerKarolin Seeger <kseeger@samba.org>2020-07-06 09:06:23 +0000
commitf9d9ba6cd06aca053c747c399ba700db80b1623c (patch)
tree3d487837a889fe21b1be4a0a525b84dda69fc2a1
parent05596094a9b41fd1de417cfd31cfe898e21cd4cf (diff)
downloadsamba-f9d9ba6cd06aca053c747c399ba700db80b1623c.tar.gz
util: Simplify input validation
It appears that snprintf(3) is being used for input validation. However, this seems like overkill because it causes szPath to be copied an extra time. The mostly likely protections being sought here, according to https://cwe.mitre.org/data/definitions/20.html, look to be DoS attacks involving CPU and memory usage. A simpler check that uses strnlen(3) can mitigate against both of these and is simpler. Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Bjoern Jacke <bjacke@samba.org> (cherry picked from commit 922bce2668994dd2a5988c17060f977e9bb0c229)
Diffstat
-rw-r--r--lib/util/util_paths.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
index c0ee5c32c30..dec91772d9e 100644
--- a/lib/util/util_paths.c
+++ b/lib/util/util_paths.c
@@ -69,21 +69,20 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
struct passwd pwd = {0};
struct passwd *pwdbuf = NULL;
char buf[NSS_BUFLEN_PASSWD] = {0};
+ size_t len;
int rc;
rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
if (rc != 0 || pwdbuf == NULL ) {
- int len_written;
const char *szPath = getenv("HOME");
if (szPath == NULL) {
return NULL;
}
- len_written = snprintf(buf, sizeof(buf), "%s", szPath);
- if (len_written >= sizeof(buf) || len_written < 0) {
- /* Output was truncated or an error. */
+ len = strnlen(szPath, PATH_MAX);
+ if (len >= PATH_MAX) {
return NULL;
}
- return talloc_strdup(mem_ctx, buf);
+ return talloc_strdup(mem_ctx, szPath);
}
return talloc_strdup(mem_ctx, pwd.pw_dir);
View Lorry Controller Status