From f7ff694cdddfe2c93751dd951fdf08defc51b5d5 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 27 Apr 2021 16:11:48 +0200
Subject: auth:creds: Add sanity check for env variables

CID 710829

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 auth/credentials/credentials.c | 63 ++++++++++++++++++++++++++++++------------
 1 file changed, 45 insertions(+), 18 deletions(-)

(limited to 'auth')

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 6615ef5cb60..49b350dc0d3 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -1157,38 +1157,65 @@ _PUBLIC_ bool cli_credentials_set_conf(struct cli_credentials *cred,
 _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
 			   struct loadparm_context *lp_ctx)
 {
-	char *p;
 	const char *error_string;
+	const char *env = NULL;
 
 	if (lp_ctx != NULL) {
 		cli_credentials_set_conf(cred, lp_ctx);
 	}
-	
-	if (getenv("LOGNAME")) {
-		cli_credentials_set_username(cred, getenv("LOGNAME"), CRED_GUESS_ENV);
+
+	env = getenv("LOGNAME");
+	if (env != NULL) {
+		size_t len = strlen(env);
+
+		if (len > 0 && len <= 1024) {
+			cli_credentials_set_username(cred, env, CRED_GUESS_ENV);
+		}
 	}
 
-	if (getenv("USER")) {
-		cli_credentials_parse_string(cred, getenv("USER"), CRED_GUESS_ENV);
-		if ((p = strchr_m(getenv("USER"),'%'))) {
-			memset(p,0,strlen(cred->password));
+	env = getenv("USER");
+	if (env != NULL) {
+		size_t len = strlen(env);
+
+		if (len > 0 && len <= 1024) {
+			char *p = NULL;
+
+			cli_credentials_parse_string(cred, env, CRED_GUESS_ENV);
+			if ((p = strchr_m(env, '%'))) {
+				memset(p, '\0', strlen(cred->password));
+			}
 		}
 	}
 
-	if (getenv("PASSWD")) {
-		cli_credentials_set_password(cred, getenv("PASSWD"), CRED_GUESS_ENV);
+	env = getenv("PASSWD");
+	if (env != NULL) {
+		size_t len = strlen(env);
+
+		if (len > 0 && len <= 1024) {
+			cli_credentials_set_password(cred, env, CRED_GUESS_ENV);
+		}
 	}
 
-	if (getenv("PASSWD_FD")) {
-		cli_credentials_parse_password_fd(cred, atoi(getenv("PASSWD_FD")), 
-						  CRED_GUESS_FILE);
+	env = getenv("PASSWD");
+	if (env != NULL) {
+		size_t len = strlen(env);
+
+		if (len > 0 && len <= 1024) {
+			int fd = atoi(env);
+
+			cli_credentials_parse_password_fd(cred, fd, CRED_GUESS_FILE);
+		}
 	}
-	
-	p = getenv("PASSWD_FILE");
-	if (p && p[0]) {
-		cli_credentials_parse_password_file(cred, p, CRED_GUESS_FILE);
+
+	env = getenv("PASSWD_FILE");
+	if (env != NULL) {
+		size_t len = strlen(env);
+
+		if (len > 0 && len <= 4096) {
+			cli_credentials_parse_password_file(cred, env, CRED_GUESS_FILE);
+		}
 	}
-	
+
 	if (lp_ctx != NULL &&
 	    cli_credentials_get_kerberos_state(cred) != CRED_USE_KERBEROS_DISABLED) {
 		cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE,
-- 
cgit v1.2.1