
nss-pam-ldapd commit: r1694 - nss-pam-ldapd/nslcd


nss-pam-ldapd commit: r1694 - nss-pam-ldapd/nslcd



Author: arthur
Date: Sun May 20 21:53:56 2012
New Revision: 1694
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1694&view=revision

Log:
implement extra range checking of all numeric values

Modified:
   nss-pam-ldapd/nslcd/cfg.c
   nss-pam-ldapd/nslcd/common.c
   nss-pam-ldapd/nslcd/group.c
   nss-pam-ldapd/nslcd/passwd.c
   nss-pam-ldapd/nslcd/protocol.c
   nss-pam-ldapd/nslcd/rpc.c
   nss-pam-ldapd/nslcd/service.c
   nss-pam-ldapd/nslcd/shadow.c

Modified: nss-pam-ldapd/nslcd/cfg.c
==============================================================================
--- nss-pam-ldapd/nslcd/cfg.c   Fri May 18 16:21:48 2012        (r1693)
+++ nss-pam-ldapd/nslcd/cfg.c   Sun May 20 21:53:56 2012        (r1694)
@@ -450,7 +450,7 @@
   /* check if it is a valid numerical uid */
   errno=0;
   *var=strtouid(token,&tmp,10);
-  if ((*token!='\0')&&(*tmp=='\0')&&(errno==0))
+  if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)&&(strchr(token,'-')==NULL))
     return;
   /* find by name */
   pwent=getpwnam(token);
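Review bot: The added `strchr(token,'-')==NULL` test carries no comment saying why a sign check follows a parse that already succeeded, and the same bare test is repeated in the gid hunk below and in the group.c and passwd.c hunks. Presumably strtouid/strtogid resolve to a strtoul-style parser, which accepts a leading minus and returns the wrapped unsigned value without setting errno, so "-1" would otherwise be taken as a very large id. I would add `/* strtoul()-style parsers accept a leading '-' and wrap the value, so reject it explicitly */` above the condition. Moving the check into the strtouid/strtogid wrappers themselves would keep every call site consistent. The enclosing function starts and ends outside this hunk.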
@@ -476,7 +476,7 @@
   /* check if it is a valid numerical gid */
   errno=0;
   *var=strtogid(token,&tmp,10);
-  if ((*token!='\0')&&(*tmp=='\0')&&(errno==0))
+  if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)&&(strchr(token,'-')==NULL))
     return;
   /* find by name */
   grent=getgrnam(token);

Modified: nss-pam-ldapd/nslcd/common.c
==============================================================================
--- nss-pam-ldapd/nslcd/common.c        Fri May 18 16:21:48 2012        (r1693)
+++ nss-pam-ldapd/nslcd/common.c        Sun May 20 21:53:56 2012        (r1694)
@@ -3,7 +3,7 @@
    This file is part of the nss-pam-ldapd library.
 
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
+   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -285,7 +285,7 @@
     errno=ERANGE;
     return UINT_MAX;
   }
-  /* If errno was set by strtoull, we'll pass it back as-is */
+  /* If errno was set by strtoul, we'll pass it back as-is */
   return (unsigned int)val;
 }
 #endif /* WANT_STRTOUI */

Modified: nss-pam-ldapd/nslcd/group.c
==============================================================================
--- nss-pam-ldapd/nslcd/group.c Fri May 18 16:21:48 2012        (r1693)
+++ nss-pam-ldapd/nslcd/group.c Sun May 20 21:53:56 2012        (r1694)
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2006 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
+   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -288,9 +288,9 @@
                               myldap_get_dn(entry),attmap_group_gidNumber);
           return 0;
         }
-        else if (errno!=0)
+        else if ((errno!=0)||(strchr(gidvalues[numgids],'-')!=NULL))
         {
-          log_log(LOG_WARNING,"%s: %s: too large",
+          log_log(LOG_WARNING,"%s: %s: out of range",
                               myldap_get_dn(entry),attmap_group_gidNumber);
           return 0;
         }

Modified: nss-pam-ldapd/nslcd/passwd.c
==============================================================================
--- nss-pam-ldapd/nslcd/passwd.c        Fri May 18 16:21:48 2012        (r1693)
+++ nss-pam-ldapd/nslcd/passwd.c        Sun May 20 21:53:56 2012        (r1694)
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
+   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -202,9 +202,9 @@
                             myldap_get_dn(entry),attmap_passwd_uidNumber);
         continue;
       }
-      else if (errno!=0)
+      else if ((errno!=0)||(strchr(values[i],'-')!=NULL))
       {
-        log_log(LOG_WARNING,"%s: %s: too large",
+        log_log(LOG_WARNING,"%s: %s: out of range",
                             myldap_get_dn(entry),attmap_passwd_uidNumber);
         continue;
       }
@@ -500,9 +500,9 @@
                               myldap_get_dn(entry),attmap_passwd_uidNumber);
           return 0;
         }
-        else if (errno!=0)
+        else if ((errno!=0)||(strchr(tmpvalues[numuids],'-')!=NULL))
         {
-          log_log(LOG_WARNING,"%s: %s: too large",
+          log_log(LOG_WARNING,"%s: %s: out of range",
                               myldap_get_dn(entry),attmap_passwd_uidNumber);
           return 0;
         }
@@ -538,9 +538,9 @@
                           myldap_get_dn(entry),attmap_passwd_gidNumber);
       return 0;
     }
-    else if (errno!=0)
+    else if ((errno!=0)||(strchr(gidbuf,'-')!=NULL))
     {
-      log_log(LOG_WARNING,"%s: %s: too large",
+      log_log(LOG_WARNING,"%s: %s: out of range",
                           myldap_get_dn(entry),attmap_passwd_gidNumber);
       return 0;
     }

Modified: nss-pam-ldapd/nslcd/protocol.c
==============================================================================
--- nss-pam-ldapd/nslcd/protocol.c      Fri May 18 16:21:48 2012        (r1693)
+++ nss-pam-ldapd/nslcd/protocol.c      Sun May 20 21:53:56 2012        (r1694)
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong
+   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -28,6 +28,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdint.h>
 
 #include "common.h"
 #include "log.h"
@@ -107,7 +108,7 @@
   const char **aliases;
   const char **protos;
   char *tmp;
-  int proto;
+  long proto;
   int i;
   /* get the most canonical name */
   name=myldap_get_rdn_value(entry,attmap_protocol_cn);
@@ -144,16 +145,16 @@
                         myldap_get_dn(entry),attmap_protocol_ipProtocolNumber);
   }
   errno=0;
-  proto=(int)strtol(protos[0],&tmp,10);
+  proto=strtol(protos[0],&tmp,10);
   if ((*(protos[0])=='\0')||(*tmp!='\0'))
   {
     log_log(LOG_WARNING,"%s: %s: non-numeric",
                         myldap_get_dn(entry),attmap_protocol_ipProtocolNumber);
     return 0;
   }
-  else if (errno!=0)
+  else if ((errno!=0)||(proto<0)||(proto>UINT8_MAX))
   {
-    log_log(LOG_WARNING,"%s: %s: too large",
+    log_log(LOG_WARNING,"%s: %s: out of range",
                         myldap_get_dn(entry),attmap_protocol_ipProtocolNumber);
     return 0;
   }
@@ -161,6 +162,7 @@
   WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
   WRITE_STRING(fp,name);
   WRITE_STRINGLIST_EXCEPT(fp,aliases,name);
+  /* proto number is actually an 8-bit value but we write 32 bits anyway */
   WRITE_INT32(fp,proto);
   return 0;
 }

Modified: nss-pam-ldapd/nslcd/rpc.c
==============================================================================
--- nss-pam-ldapd/nslcd/rpc.c   Fri May 18 16:21:48 2012        (r1693)
+++ nss-pam-ldapd/nslcd/rpc.c   Sun May 20 21:53:56 2012        (r1694)
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong
+   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -28,6 +28,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdint.h>
 
 #include "common.h"
 #include "log.h"
@@ -108,7 +109,7 @@
   const char **aliases;
   const char **numbers;
   char *tmp;
-  int number;
+  long number;
   int i;
   /* get the most canonical name */
   name=myldap_get_rdn_value(entry,attmap_rpc_cn);
@@ -145,16 +146,16 @@
                         myldap_get_dn(entry),attmap_rpc_oncRpcNumber);
   }
   errno=0;
-  number=(int)strtol(numbers[0],&tmp,10);
+  number=strtol(numbers[0],&tmp,10);
   if ((*(numbers[0])=='\0')||(*tmp!='\0'))
   {
     log_log(LOG_WARNING,"%s: %s: non-numeric",
                         myldap_get_dn(entry),attmap_rpc_oncRpcNumber);
     return 0;
   }
-  else if (errno!=0)
+  else if ((errno!=0)||(number>UINT32_MAX))
   {
-    log_log(LOG_WARNING,"%s: %s: too large",
+    log_log(LOG_WARNING,"%s: %s: out of range",
                         myldap_get_dn(entry),attmap_rpc_oncRpcNumber);
     return 0;
   }
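Review bot: The new range test `(number>UINT32_MAX)` has no lower bound, unlike the matching checks in protocol.c (`proto<0`) and service.c (`port<=0`), so a value such as "-1" parses without setting errno and is not rejected here. Where long is 32 bits the comparison can also never be true, because number is converted to an unsigned 32-bit type before comparing, and strtol already reports ERANGE above LONG_MAX, so the upper half of the 32-bit range is refused on those platforms. If negative numbers are not meant to be accepted, `else if ((errno!=0)||(number<0)||(number>UINT32_MAX))` closes the gap; parsing with strtoul plus the '-' test used in passwd.c would additionally cover the full unsigned range. The function body continues outside the hunk, so how number is written out afterwards is not visible here.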

Modified: nss-pam-ldapd/nslcd/service.c
==============================================================================
--- nss-pam-ldapd/nslcd/service.c       Fri May 18 16:21:48 2012        (r1693)
+++ nss-pam-ldapd/nslcd/service.c       Sun May 20 21:53:56 2012        (r1694)
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong
+   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -28,6 +28,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdint.h>
 
 #include "common.h"
 #include "log.h"
@@ -136,7 +137,7 @@
   const char **ports;
   const char **protocols;
   char *tmp;
-  int port;
+  long port;
   int i;
   /* get the most canonical name */
   name=myldap_get_rdn_value(entry,attmap_service_cn);
@@ -173,16 +174,16 @@
                         myldap_get_dn(entry),attmap_service_ipServicePort);
   }
   errno=0;
-  port=(int)strtol(ports[0],&tmp,10);
+  port=strtol(ports[0],&tmp,10);
   if ((*(ports[0])=='\0')||(*tmp!='\0'))
   {
     log_log(LOG_WARNING,"%s: %s: non-numeric value",
                         myldap_get_dn(entry),attmap_service_ipServicePort);
     return 0;
   }
-  else if (errno!=0)
+  else if ((errno!=0)||(port<=0)||(port>UINT16_MAX))
   {
-    log_log(LOG_WARNING,"%s: %s: too large",
+    log_log(LOG_WARNING,"%s: %s: out of range",
                         myldap_get_dn(entry),attmap_service_ipServicePort);
     return 0;
   }
@@ -201,6 +202,7 @@
       WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
       WRITE_STRING(fp,name);
       WRITE_STRINGLIST_EXCEPT(fp,aliases,name);
+      /* port number is actually a 16-bit value but we write 32 bits anyway */
       WRITE_INT32(fp,port);
       WRITE_STRING(fp,protocols[i]);
     }

Modified: nss-pam-ldapd/nslcd/shadow.c
==============================================================================
--- nss-pam-ldapd/nslcd/shadow.c        Fri May 18 16:21:48 2012        (r1693)
+++ nss-pam-ldapd/nslcd/shadow.c        Sun May 20 21:53:56 2012        (r1694)
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
+   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -138,7 +138,7 @@
     }
     else if (errno!=0)
     {
-      log_log(LOG_WARNING,"%s: %s: too large",dn,attr);
+      log_log(LOG_WARNING,"%s: %s: out of range",dn,attr);
       return -1;
     }
     return value/864-134774;
@@ -154,7 +154,7 @@
   }
   else if (errno!=0)
   {
-    log_log(LOG_WARNING,"%s: %s: too large",dn,attr);
+    log_log(LOG_WARNING,"%s: %s: out of range",dn,attr);
     return -1;
   }
   return value;
@@ -178,7 +178,7 @@
   } \
   else if (errno!=0) \
   { \
-    log_log(LOG_WARNING,"%s: %s: too large", \
+    log_log(LOG_WARNING,"%s: %s: out of range", \
                         myldap_get_dn(entry),attmap_shadow_##att); \
     var=fallback; \
   }