nss-pam-ldapd commit: r1523 - nss-pam-ldapd/nslcd
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
nss-pam-ldapd commit: r1523 - nss-pam-ldapd/nslcd
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd commit: r1523 - nss-pam-ldapd/nslcd
- Date: Sat, 27 Aug 2011 22:57:19 +0200 (CEST)
Author: arthur
Date: Sat Aug 27 22:57:18 2011
New Revision: 1523
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1523
Log:
check errno after calls to strtol() to ensure that numbers that are too large
for type will be reported
Modified:
nss-pam-ldapd/nslcd/cfg.c
nss-pam-ldapd/nslcd/group.c
nss-pam-ldapd/nslcd/passwd.c
nss-pam-ldapd/nslcd/protocol.c
nss-pam-ldapd/nslcd/rpc.c
nss-pam-ldapd/nslcd/service.c
nss-pam-ldapd/nslcd/shadow.c
Modified: nss-pam-ldapd/nslcd/cfg.c
==============================================================================
--- nss-pam-ldapd/nslcd/cfg.c Sat Aug 27 17:08:40 2011 (r1522)
+++ nss-pam-ldapd/nslcd/cfg.c Sat Aug 27 22:57:18 2011 (r1523)
@@ -430,8 +430,9 @@
char *tmp;
check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL);
/* check if it is a valid numerical uid */
+ errno=0;
*var=(uid_t)strtol(token,&tmp,0);
- if ((*token!='\0')&&(*tmp=='\0'))
+ if ((*token!='\0')&&(*tmp=='\0')&&(errno==0))
return;
/* find by name */
pwent=getpwnam(token);
@@ -455,8 +456,9 @@
char *tmp;
check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL);
/* check if it is a valid numerical gid */
+ errno=0;
*var=(gid_t)strtol(token,&tmp,0);
- if ((*token!='\0')&&(*tmp=='\0'))
+ if ((*token!='\0')&&(*tmp=='\0')&&(errno==0))
return;
/* find by name */
grent=getgrnam(token);
Modified: nss-pam-ldapd/nslcd/group.c
==============================================================================
--- nss-pam-ldapd/nslcd/group.c Sat Aug 27 17:08:40 2011 (r1522)
+++ nss-pam-ldapd/nslcd/group.c Sat Aug 27 22:57:18 2011 (r1523)
@@ -280,6 +280,7 @@
gids[numgids]=(gid_t)binsid2id(gidvalues[numgids]);
else
{
+ errno=0;
gids[numgids]=(gid_t)strtol(gidvalues[numgids],&tmp,0);
if ((*(gidvalues[numgids])=='\0')||(*tmp!='\0'))
{
@@ -287,6 +288,12 @@
myldap_get_dn(entry),attmap_group_gidNumber);
return 0;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"group entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_group_gidNumber);
+ return 0;
+ }
}
}
}
Modified: nss-pam-ldapd/nslcd/passwd.c
==============================================================================
--- nss-pam-ldapd/nslcd/passwd.c Sat Aug 27 17:08:40 2011 (r1522)
+++ nss-pam-ldapd/nslcd/passwd.c Sat Aug 27 22:57:18 2011 (r1523)
@@ -194,6 +194,7 @@
uid=(uid_t)binsid2id(values[i]);
else
{
+ errno=0;
uid=(uid_t)strtol(values[i],&tmp,0);
if ((*(values[i])=='\0')||(*tmp!='\0'))
{
@@ -201,6 +202,12 @@
myldap_get_dn(entry),attmap_passwd_uidNumber);
continue;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"passwd entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_passwd_uidNumber);
+ continue;
+ }
}
if (uid>=nslcd_cfg->ldc_nss_min_uid)
return 1;
@@ -481,6 +488,7 @@
uids[numuids]=(uid_t)binsid2id(tmpvalues[numuids]);
else
{
+ errno=0;
uids[numuids]=(uid_t)strtol(tmpvalues[numuids],&tmp,0);
if ((*(tmpvalues[numuids])=='\0')||(*tmp!='\0'))
{
@@ -488,6 +496,12 @@
myldap_get_dn(entry),attmap_passwd_uidNumber);
return 0;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"passwd entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_passwd_uidNumber);
+ return 0;
+ }
}
}
}
@@ -512,6 +526,7 @@
myldap_get_dn(entry),attmap_passwd_gidNumber);
return 0;
}
+ errno=0;
gid=(gid_t)strtol(gidbuf,&tmp,0);
if ((gidbuf[0]=='\0')||(*tmp!='\0'))
{
@@ -519,6 +534,12 @@
myldap_get_dn(entry),attmap_passwd_gidNumber);
return 0;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"passwd entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_passwd_gidNumber);
+ return 0;
+ }
}
/* get the gecos for this entry */
attmap_get_value(entry,attmap_passwd_gecos,gecos,sizeof(gecos));
Modified: nss-pam-ldapd/nslcd/protocol.c
==============================================================================
--- nss-pam-ldapd/nslcd/protocol.c Sat Aug 27 17:08:40 2011 (r1522)
+++ nss-pam-ldapd/nslcd/protocol.c Sat Aug 27 22:57:18 2011 (r1523)
@@ -5,7 +5,7 @@
Copyright (C) 1997-2005 Luke Howard
Copyright (C) 2006 West Consulting
- Copyright (C) 2006, 2007, 2009, 2010 Arthur de Jong
+ Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -143,6 +143,7 @@
log_log(LOG_WARNING,"protocol entry %s contains multiple %s values",
myldap_get_dn(entry),attmap_protocol_ipProtocolNumber);
}
+ errno=0;
proto=(int)strtol(protos[0],&tmp,0);
if ((*(protos[0])=='\0')||(*tmp!='\0'))
{
@@ -150,6 +151,12 @@
myldap_get_dn(entry),attmap_protocol_ipProtocolNumber);
return 0;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"protocol entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_protocol_ipProtocolNumber);
+ return 0;
+ }
/* write entry */
WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
WRITE_STRING(fp,name);
Modified: nss-pam-ldapd/nslcd/rpc.c
==============================================================================
--- nss-pam-ldapd/nslcd/rpc.c Sat Aug 27 17:08:40 2011 (r1522)
+++ nss-pam-ldapd/nslcd/rpc.c Sat Aug 27 22:57:18 2011 (r1523)
@@ -5,7 +5,7 @@
Copyright (C) 1997-2005 Luke Howard
Copyright (C) 2006 West Consulting
- Copyright (C) 2006, 2007, 2009, 2010 Arthur de Jong
+ Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -144,6 +144,7 @@
log_log(LOG_WARNING,"rpc entry %s contains multiple %s values",
myldap_get_dn(entry),attmap_rpc_oncRpcNumber);
}
+ errno=0;
number=(int)strtol(numbers[0],&tmp,0);
if ((*(numbers[0])=='\0')||(*tmp!='\0'))
{
@@ -151,6 +152,12 @@
myldap_get_dn(entry),attmap_rpc_oncRpcNumber);
return 0;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"rpc entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_rpc_oncRpcNumber);
+ return 0;
+ }
/* write the entry */
WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
WRITE_STRING(fp,name);
Modified: nss-pam-ldapd/nslcd/service.c
==============================================================================
--- nss-pam-ldapd/nslcd/service.c Sat Aug 27 17:08:40 2011 (r1522)
+++ nss-pam-ldapd/nslcd/service.c Sat Aug 27 22:57:18 2011 (r1523)
@@ -5,7 +5,7 @@
Copyright (C) 1997-2005 Luke Howard
Copyright (C) 2006 West Consulting
- Copyright (C) 2006, 2007, 2009, 2010 Arthur de Jong
+ Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -172,6 +172,7 @@
log_log(LOG_WARNING,"service entry %s contains multiple %s values",
myldap_get_dn(entry),attmap_service_ipServicePort);
}
+ errno=0;
port=(int)strtol(ports[0],&tmp,0);
if ((*(ports[0])=='\0')||(*tmp!='\0'))
{
@@ -179,6 +180,12 @@
myldap_get_dn(entry),attmap_service_ipServicePort);
return 0;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"service entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_service_ipServicePort);
+ return 0;
+ }
/* get protocols */
protocols=myldap_get_values(entry,attmap_service_ipServiceProtocol);
if ((protocols==NULL)||(protocols[0]==NULL))
Modified: nss-pam-ldapd/nslcd/shadow.c
==============================================================================
--- nss-pam-ldapd/nslcd/shadow.c Sat Aug 27 17:08:40 2011 (r1522)
+++ nss-pam-ldapd/nslcd/shadow.c Sat Aug 27 22:57:18 2011 (r1523)
@@ -129,22 +129,34 @@
return -1; /* error */
strncpy(buffer,date,l);
buffer[l]='\0';
+ errno=0;
value=strtol(date,&tmp,0);
if ((*date=='\0')||(*tmp!='\0'))
{
log_log(LOG_WARNING,"shadow entry contains non-numeric %s value",attr);
return -1;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"shadow entry contains too large %s value",attr);
+ return -1;
+ }
return value/864-134774;
/* note that AD does not have expiry dates but a lastchangeddate
and some value that needs to be added */
}
+ errno=0;
value=strtol(date,&tmp,0);
if ((*date=='\0')||(*tmp!='\0'))
{
log_log(LOG_WARNING,"shadow entry contains non-numeric %s value",attr);
return -1;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"shadow entry contains too large %s value",attr);
+ return -1;
+ }
return value;
}
@@ -156,12 +168,19 @@
tmpvalue=attmap_get_value(entry,attmap_shadow_##att,buffer,sizeof(buffer)); \
if (tmpvalue==NULL) \
tmpvalue=""; \
+ errno=0; \
var=strtol(tmpvalue,&tmp,0); \
if ((*(tmpvalue)=='\0')||(*tmp!='\0')) \
{ \
log_log(LOG_WARNING,"shadow entry %s contains non-numeric %s value", \
myldap_get_dn(entry),attmap_shadow_##att); \
var=fallback; \
+ } \
+ else if (errno!=0) \
+ { \
+ log_log(LOG_WARNING,"shadow entry %s contains too large %s value", \
+ myldap_get_dn(entry),attmap_shadow_##att); \
+ var=fallback; \
}
void get_shadow_properties(MYLDAP_ENTRY *entry,long *lastchangedate,
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits
- nss-pam-ldapd commit: r1523 - nss-pam-ldapd/nslcd,
Commits of the nss-pam-ldapd project
