diff options
Diffstat (limited to 'server/responder/pam')
-rw-r--r-- | server/responder/pam/pamsrv_cmd.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c index 8a7ccd95..324ab835 100644 --- a/server/responder/pam/pamsrv_cmd.c +++ b/server/responder/pam/pamsrv_cmd.c @@ -37,12 +37,12 @@ static int extract_authtok(uint32_t *type, uint32_t *size, uint8_t **tok, uint8_ if (blen-(*c) < 2*sizeof(uint32_t)) return EINVAL; - data_size = ((uint32_t *)&body[*c])[0]; + memcpy(&data_size, &body[*c], sizeof(uint32_t)); *c += sizeof(uint32_t); if (data_size < sizeof(uint32_t) || (*c)+(data_size) > blen) return EINVAL; *size = data_size - sizeof(uint32_t); - *type = ((uint32_t *)&body[*c])[0]; + memcpy(type, &body[*c], sizeof(uint32_t)); *c += sizeof(uint32_t); *tok = body+(*c); @@ -58,7 +58,7 @@ static int extract_string(char **var, uint8_t *body, size_t blen, size_t *c) { if (blen-(*c) < sizeof(uint32_t)+1) return EINVAL; - size = ((uint32_t *)&body[*c])[0]; + memcpy(&size, &body[*c], sizeof(uint32_t)); *c += sizeof(uint32_t); if (*c+size > blen) return EINVAL; @@ -78,10 +78,10 @@ static int extract_uint32_t(uint32_t *var, uint8_t *body, size_t blen, size_t *c if (blen-(*c) < 2*sizeof(uint32_t)) return EINVAL; - size = ((uint32_t *)&body[*c])[0]; + memcpy(&size, &body[*c], sizeof(uint32_t)); *c += sizeof(uint32_t); - *var = ((uint32_t *)&body[*c])[0]; + memcpy(var, &body[*c], sizeof(uint32_t)); *c += sizeof(uint32_t); return EOK; @@ -96,17 +96,18 @@ static int pam_parse_in_data_v2(struct sss_names_ctx *snctx, uint32_t size; char *pam_user; int ret; + uint32_t terminator = END_OF_PAM_REQUEST; if (blen < 4*sizeof(uint32_t)+2 || ((uint32_t *)body)[0] != START_OF_PAM_REQUEST || - ((uint32_t *)(&body[blen - sizeof(uint32_t)]))[0] != END_OF_PAM_REQUEST) { + memcmp(&body[blen - sizeof(uint32_t)], &terminator, sizeof(uint32_t)) != 0) { DEBUG(1, ("Received data is invalid.\n")); return EINVAL; } c = sizeof(uint32_t); do { - type = ((uint32_t *)&body[c])[0]; + memcpy(&type, &body[c], sizeof(uint32_t)); c += sizeof(uint32_t); if (c > blen) return EINVAL; @@ -670,6 +671,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) size_t blen; int timeout; int ret; + uint32_t terminator = END_OF_PAM_REQUEST; preq = talloc_zero(cctx, struct pam_auth_req); if (!preq) { return ENOMEM; @@ -685,7 +687,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) sss_packet_get_body(cctx->creq->in, &body, &blen); if (blen >= sizeof(uint32_t) && - ((uint32_t *)(&body[blen - sizeof(uint32_t)]))[0] != END_OF_PAM_REQUEST) { + memcmp(&body[blen - sizeof(uint32_t)], &terminator, sizeof(uint32_t)) != 0) { DEBUG(1, ("Received data not terminated.\n")); ret = EINVAL; goto done; |