diff options
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 11 | ||||
-rw-r--r-- | src/sss_client/group.c | 18 | ||||
-rw-r--r-- | src/sss_client/passwd.c | 7 | ||||
-rw-r--r-- | src/sss_client/sss_cli.h | 14 |
4 files changed, 37 insertions, 13 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index c43a544e..042517ad 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -205,9 +205,8 @@ static int fill_pwent(struct sss_packet *packet, } sss_packet_get_body(packet, &body, &blen); - ((uint32_t *)(&body[rp]))[0] = uid; - ((uint32_t *)(&body[rp]))[1] = gid; - rp += 2*sizeof(uint32_t); + SAFEALIGN_SET_UINT32(&body[rp], uid, &rp); + SAFEALIGN_SET_UINT32(&body[rp], gid, &rp); if (add_domain) { ret = snprintf((char *)&body[rp], s1, namefmt, name, domain); @@ -1566,10 +1565,10 @@ static int fill_grent(struct sss_packet *packet, sss_packet_get_body(packet, &body, &blen); /* 0-3: 32bit number gid */ - ((uint32_t *)(&body[rzero+GID_ROFFSET]))[0] = gid; + SAFEALIGN_SET_UINT32(&body[rzero+GID_ROFFSET], gid, NULL); /* 4-7: 32bit unsigned number of members */ - ((uint32_t *)(&body[rzero+MNUM_ROFFSET]))[0] = 0; + SAFEALIGN_SET_UINT32(&body[rzero+MNUM_ROFFSET], 0, NULL); /* 8-X: sequence of strings (name, passwd, mem..) */ if (add_domain) { @@ -1688,7 +1687,7 @@ static int fill_grent(struct sss_packet *packet, if (memnum) { /* set num of members */ - ((uint32_t *)(&body[rzero+MNUM_ROFFSET]))[0] = memnum; + SAFEALIGN_SET_UINT32(&body[rzero+MNUM_ROFFSET], memnum, NULL); } } diff --git a/src/sss_client/group.c b/src/sss_client/group.c index 675b8b71..e1b36e2a 100644 --- a/src/sss_client/group.c +++ b/src/sss_client/group.c @@ -78,17 +78,19 @@ struct sss_nss_gr_rep { static int sss_nss_getgr_readrep(struct sss_nss_gr_rep *pr, uint8_t *buf, size_t *len) { - size_t i, l, slen, ptmem; + size_t i, l, slen, ptmem, pad; ssize_t dlen; char *sbuf; uint32_t mem_num; + uint32_t c; if (*len < 11) { /* not enough space for data, bad packet */ return EBADMSG; } - pr->result->gr_gid = ((uint32_t *)buf)[0]; - mem_num = ((uint32_t *)buf)[1]; + SAFEALIGN_COPY_UINT32(&c, buf, NULL); + pr->result->gr_gid = c; + SAFEALIGN_COPY_UINT32(&mem_num, buf+sizeof(uint32_t), NULL); sbuf = (char *)&buf[8]; slen = *len - 8; @@ -127,9 +129,15 @@ static int sss_nss_getgr_readrep(struct sss_nss_gr_rep *pr, i++; dlen--; + /* Make sure pr->buffer[i+pad] is 32 bit aligned */ + pad = 0; + while((i + pad) % 4) { + pad++; + } + /* now members */ - pr->result->gr_mem = (char **)&(pr->buffer[i]); - ptmem = sizeof(char *) * (mem_num + 1); + pr->result->gr_mem = (char **)&(pr->buffer[i+pad]); + ptmem = (sizeof(char *) * (mem_num + 1)) + pad; if (ptmem > dlen) { return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ } diff --git a/src/sss_client/passwd.c b/src/sss_client/passwd.c index 0d70b684..aa5c7602 100644 --- a/src/sss_client/passwd.c +++ b/src/sss_client/passwd.c @@ -74,13 +74,16 @@ static int sss_nss_getpw_readrep(struct sss_nss_pw_rep *pr, { size_t i, slen, dlen; char *sbuf; + uint32_t c; if (*len < 13) { /* not enough space for data, bad packet */ return EBADMSG; } - pr->result->pw_uid = ((uint32_t *)buf)[0]; - pr->result->pw_gid = ((uint32_t *)buf)[1]; + SAFEALIGN_COPY_UINT32(&c, buf, NULL); + pr->result->pw_uid = c; + SAFEALIGN_COPY_UINT32(&c, buf+sizeof(uint32_t), NULL); + pr->result->pw_gid = c; sbuf = (char *)&buf[8]; slen = *len - 8; diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h index 1953db2f..2edd158d 100644 --- a/src/sss_client/sss_cli.h +++ b/src/sss_client/sss_cli.h @@ -408,6 +408,20 @@ int sss_pam_make_request(enum sss_cli_command cmd, uint8_t **repbuf, size_t *replen, int *errnop); +#ifndef SAFEALIGN_COPY_UINT32 +static inline void +safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter) +{ + memcpy(dest, src, n); + if (counter) { + *counter += n; + } +} + +#define SAFEALIGN_COPY_UINT32(dest, src, pctr) \ + safealign_memcpy(dest, src, sizeof(uint32_t), pctr) +#endif + #endif /* _SSSCLI_H */ #if 0 |