authorAndreas Schneider <asn@samba.org>2021-04-27 16:11:48 +0200
committerAndrew Bartlett <abartlet@samba.org>2021-06-29 02:19:35 +0000
commitf7ff694cdddfe2c93751dd951fdf08defc51b5d5 (patch)
tree67db2d8e1732fcc4eb4666530d319f8704ebb70d /auth
parent5dd3a0cc17582388e59f8775d5ffdad679b05aa6 (diff)
auth:creds: Add sanity check for env variables
CID 710829 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r--auth/credentials/credentials.c63
1 files changed, 45 insertions, 18 deletions
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 6615ef5cb60..49b350dc0d3 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -1157,38 +1157,65 @@ _PUBLIC_ bool cli_credentials_set_conf(struct cli_credentials *cred,
_PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
- char *p;
const char *error_string;
+ const char *env = NULL;
if (lp_ctx != NULL) {
cli_credentials_set_conf(cred, lp_ctx);
}
-
- if (getenv("LOGNAME")) {
- cli_credentials_set_username(cred, getenv("LOGNAME"), CRED_GUESS_ENV);
+
+ env = getenv("LOGNAME");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 1024) {
+ cli_credentials_set_username(cred, env, CRED_GUESS_ENV);
+ }
}
- if (getenv("USER")) {
- cli_credentials_parse_string(cred, getenv("USER"), CRED_GUESS_ENV);
- if ((p = strchr_m(getenv("USER"),'%'))) {
- memset(p,0,strlen(cred->password));
+ env = getenv("USER");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 1024) {
+ char *p = NULL;
+
+ cli_credentials_parse_string(cred, env, CRED_GUESS_ENV);
+ if ((p = strchr_m(env, '%'))) {
+ memset(p, '\0', strlen(cred->password));
+ }
}
}
- if (getenv("PASSWD")) {
- cli_credentials_set_password(cred, getenv("PASSWD"), CRED_GUESS_ENV);
+ env = getenv("PASSWD");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 1024) {
+ cli_credentials_set_password(cred, env, CRED_GUESS_ENV);
+ }
}
- if (getenv("PASSWD_FD")) {
- cli_credentials_parse_password_fd(cred, atoi(getenv("PASSWD_FD")),
- CRED_GUESS_FILE);
+ env = getenv("PASSWD");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 1024) {
+ int fd = atoi(env);
+
+ cli_credentials_parse_password_fd(cred, fd, CRED_GUESS_FILE);
+ }
}
-
- p = getenv("PASSWD_FILE");
- if (p && p[0]) {
- cli_credentials_parse_password_file(cred, p, CRED_GUESS_FILE);
+
+ env = getenv("PASSWD_FILE");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 4096) {
+ cli_credentials_parse_password_file(cred, env, CRED_GUESS_FILE);
+ }
}
-
+
if (lp_ctx != NULL &&
cli_credentials_get_kerberos_state(cred) != CRED_USE_KERBEROS_DISABLED) {
cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE,
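Review bot: The fourth environment block reads `getenv("PASSWD")` a second time where the removed code read `PASSWD_FD`, so `PASSWD_FD` is no longer consulted and the password text itself is handed to `atoi()` as a descriptor number. The line should be `env = getenv("PASSWD_FD");`. Because `atoi()` returns 0 for non-numeric input, a set `PASSWD` would presumably make `cli_credentials_parse_password_fd()` read from descriptor 0, overriding the password just set from the environment. Parsing the value with `strtol()` and rejecting negative or non-numeric results would close that gap. Separately, in the `USER` block `memset(p, '\0', strlen(cred->password))` writes through a pointer derived from the `const char *env` and sizes the write by `cred->password` rather than by the text after `%`, so it deserves a NULL and length check. `cli_credentials_guess` continues past the end of this hunk.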