diff options
Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/common/responder.h | 2 | ||||
-rw-r--r-- | src/responder/common/responder_common.c | 9 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 21 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_netgroup.c | 7 | ||||
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 5 |
5 files changed, 44 insertions, 0 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 321cedda..1b39fdd5 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -174,4 +174,6 @@ int sss_dp_send_acct_req(struct resp_ctx *rctx, TALLOC_CTX *callback_memctx, int responder_logrotate(DBusMessage *message, struct sbus_connection *conn); +bool sss_utf8_check(const uint8_t *s, size_t n); + #endif /* __SSS_RESPONDER_H__ */ diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 719f2464..f97ec06f 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -32,6 +32,7 @@ #include <sys/time.h> #include <errno.h> #include <popt.h> +#include <unistr.h> #include "util/util.h" #include "db/sysdb.h" #include "confdb/confdb.h" @@ -627,3 +628,11 @@ int responder_logrotate(DBusMessage *message, return monitor_common_pong(message, conn); } + +bool sss_utf8_check(const uint8_t *s, size_t n) +{ + if (u8_check(s, n) == NULL) { + return true; + } + return false; +} diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 8f4cb440..a37bd766 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -873,6 +873,13 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx) ret = EINVAL; goto done; } + + /* If the body isn't valid UTF-8, fail */ + if (!sss_utf8_check(body, blen)) { + ret = EINVAL; + goto done; + } + rawname = (const char *)body; domname = NULL; @@ -2140,6 +2147,13 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx) ret = EINVAL; goto done; } + + /* If the body isn't valid UTF-8, fail */ + if (!sss_utf8_check(body, blen)) { + ret = EINVAL; + goto done; + } + rawname = (const char *)body; domname = NULL; @@ -3180,6 +3194,13 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx) ret = EINVAL; goto done; } + + /* If the body isn't valid UTF-8, fail */ + if (!sss_utf8_check(body, blen)) { + ret = EINVAL; + goto done; + } + rawname = (const char *)body; domname = NULL; diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c index cd0ba723..7d5665d4 100644 --- a/src/responder/nss/nsssrv_netgroup.c +++ b/src/responder/nss/nsssrv_netgroup.c @@ -113,6 +113,13 @@ int nss_cmd_setnetgrent(struct cli_ctx *client) ret = EINVAL; goto done; } + + /* If the body isn't valid UTF-8, fail */ + if (!sss_utf8_check(body, blen)) { + ret = EINVAL; + goto done; + } + rawname = (const char *)body; req = setnetgrent_send(cmdctx, rawname, cmdctx); diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 1d2a2a58..18ba3fdf 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -70,6 +70,11 @@ static int extract_string(char **var, size_t size, uint8_t *body, size_t blen, if (str[size-1]!='\0') return EINVAL; + /* If the string isn't valid UTF-8, fail */ + if (!sss_utf8_check(str, size)) { + return EINVAL; + } + *c += size; *var = (char *) str; |