summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-01-06 13:56:34 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-01-14 11:53:29 -0500
commit22c7230dc0c8d41a189eb758be78991d183de1f7 (patch)
tree9b5bb11dcf31e98d104071dbb0b5042708ca1040 /src
parent394f8a24f5794bced737cfb743fe038fb4d0f4a6 (diff)
downloadsssd-22c7230dc0c8d41a189eb758be78991d183de1f7.tar.gz
sssd-22c7230dc0c8d41a189eb758be78991d183de1f7.tar.bz2
sssd-22c7230dc0c8d41a189eb758be78991d183de1f7.zip
NSS: Validate input string lengths
Also fixes a return value bug where we were returning errno error codes instead of nss_status codes. Fixes https://fedorahosted.org/sssd/ticket/1135
Diffstat (limited to 'src')
-rw-r--r--src/sss_client/nss_group.c15
-rw-r--r--src/sss_client/nss_netgroup.c4
-rw-r--r--src/sss_client/nss_passwd.c15
-rw-r--r--src/sss_client/sss_cli.h7
4 files changed, 32 insertions, 9 deletions
diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c
index 9e308c92..f5e715c8 100644
--- a/src/sss_client/nss_group.c
+++ b/src/sss_client/nss_group.c
@@ -254,14 +254,23 @@ enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result,
struct sss_cli_req_data rd;
struct sss_nss_gr_rep grrep;
uint8_t *repbuf;
- size_t replen, len;
+ size_t replen, len, name_len;
enum nss_status nret;
int ret;
/* Caught once glibc passing in buffer == 0x0 */
- if (!buffer || !buflen) return ERANGE;
+ if (!buffer || !buflen) {
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ ret = sss_strnlen(name, SSS_NAME_MAX, &name_len);
+ if (ret != 0) {
+ *errnop = EINVAL;
+ return NSS_STATUS_NOTFOUND;
+ }
- rd.len = strlen(name) + 1;
+ rd.len = name_len + 1;
rd.data = name;
sss_nss_lock();
diff --git a/src/sss_client/nss_netgroup.c b/src/sss_client/nss_netgroup.c
index 2d1acc5d..f63b1135 100644
--- a/src/sss_client/nss_netgroup.c
+++ b/src/sss_client/nss_netgroup.c
@@ -33,8 +33,6 @@
#include "sss_cli.h"
#include "nss_compat.h"
-#define MAX_NETGR_NAME_LENGTH 2048
-
#define CLEAR_NETGRENT_DATA(netgrent) do { \
free(netgrent->data); \
netgrent->data = NULL; \
@@ -201,7 +199,7 @@ enum nss_status _nss_sss_setnetgrent(const char *netgroup,
/* make sure we do not have leftovers, and release memory */
CLEAR_NETGRENT_DATA(result);
- ret = sss_strnlen(netgroup, MAX_NETGR_NAME_LENGTH, &name_len);
+ ret = sss_strnlen(netgroup, SSS_NAME_MAX, &name_len);
if (ret != 0) {
nret = NSS_STATUS_NOTFOUND;
goto out;
diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c
index 31b9a794..15de5972 100644
--- a/src/sss_client/nss_passwd.c
+++ b/src/sss_client/nss_passwd.c
@@ -179,14 +179,23 @@ enum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result,
struct sss_cli_req_data rd;
struct sss_nss_pw_rep pwrep;
uint8_t *repbuf;
- size_t replen, len;
+ size_t replen, len, name_len;
enum nss_status nret;
int ret;
/* Caught once glibc passing in buffer == 0x0 */
- if (!buffer || !buflen) return ERANGE;
+ if (!buffer || !buflen) {
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ ret = sss_strnlen(name, SSS_NAME_MAX, &name_len);
+ if (ret != 0) {
+ *errnop = EINVAL;
+ return NSS_STATUS_NOTFOUND;
+ }
- rd.len = strlen(name) + 1;
+ rd.len = name_len + 1;
rd.data = name;
sss_nss_lock();
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index f9bbda98..dc15ac13 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
@@ -29,6 +29,7 @@
#include <pwd.h>
#include <grp.h>
#include <string.h>
+#include <limits.h>
#ifndef HAVE_ERRNO_T
#define HAVE_ERRNO_T
@@ -39,6 +40,12 @@ typedef int errno_t;
#define SSS_PAM_PROTOCOL_VERSION 3
#define SSS_SUDO_PROTOCOL_VERSION 0
+#ifdef LOGIN_NAME_MAX
+#define SSS_NAME_MAX LOGIN_NAME_MAX
+#else
+#define SSS_NAME_MAX 256
+#endif
+
/**
* @defgroup sss_cli_command SSS client commands
* @{