From 22c7230dc0c8d41a189eb758be78991d183de1f7 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 6 Jan 2012 13:56:34 -0500
Subject: NSS: Validate input string lengths

Also fixes a return value bug where we were returning errno error
codes instead of nss_status codes.

Fixes https://fedorahosted.org/sssd/ticket/1135
---
 src/sss_client/nss_netgroup.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'src/sss_client/nss_netgroup.c')

diff --git a/src/sss_client/nss_netgroup.c b/src/sss_client/nss_netgroup.c
index 2d1acc5d..f63b1135 100644
--- a/src/sss_client/nss_netgroup.c
+++ b/src/sss_client/nss_netgroup.c
@@ -33,8 +33,6 @@
 #include "sss_cli.h"
 #include "nss_compat.h"
 
-#define MAX_NETGR_NAME_LENGTH 2048
-
 #define CLEAR_NETGRENT_DATA(netgrent) do { \
         free(netgrent->data); \
         netgrent->data = NULL; \
@@ -201,7 +199,7 @@ enum nss_status _nss_sss_setnetgrent(const char *netgroup,
     /* make sure we do not have leftovers, and release memory */
     CLEAR_NETGRENT_DATA(result);
 
-    ret = sss_strnlen(netgroup, MAX_NETGR_NAME_LENGTH, &name_len);
+    ret = sss_strnlen(netgroup, SSS_NAME_MAX, &name_len);
     if (ret != 0) {
         nret = NSS_STATUS_NOTFOUND;
         goto out;
-- 
cgit