lists.arthurdejong.org
RSS feed

nss-pam-ldapd branch 0.7.15+squeeze created. 0.7.15+squeeze4

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd branch 0.7.15+squeeze created. 0.7.15+squeeze4



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, 0.7.15+squeeze has been created
        at  e0ddde7df38cef58dc84818f550412192b2aab12 (commit)

- Log -----------------------------------------------------------------
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=e0ddde7df38cef58dc84818f550412192b2aab12

commit e0ddde7df38cef58dc84818f550412192b2aab12
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun May 12 10:05:33 2013 +0000

    get files ready for 0.7.15+squeeze4 release
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1970 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/debian/changelog b/debian/changelog
index 3d5cb02..ff371e9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+nss-pam-ldapd (0.7.15+squeeze4) squeeze-security; urgency=low
+
+  * fix FTBFS on kFreeBSD (see #690319)
+  * debian/nslcd.config: handle options that are specified multiple times
+    in nslcd.conf consistently (closes: #700971)
+
+ -- Arthur de Jong <adejong@debian.org>  Sun, 12 May 2013 12:00:00 +0200
+
 nss-pam-ldapd (0.7.15+squeeze3) stable-security; urgency=high
 
   * SECURITY FIX: Garth Mollett discovered that a file descriptor overflow

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=911ef0efb70976bb1b0a95859b4ab8da0d64d5f9

commit 911ef0efb70976bb1b0a95859b4ab8da0d64d5f9
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun May 12 10:00:59 2013 +0000

    get the first configuration value instead of the last because that one is 
also written (based on r1567 from 0.8)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1969 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/debian/nslcd.config b/debian/nslcd.config
index 2ca8dc8..e5bcba2 100644
--- a/debian/nslcd.config
+++ b/debian/nslcd.config
@@ -78,7 +78,7 @@ parsecfg()
     if [ -z "$uris" ]
     then
       hosts=`sed -n 's/^host[[:space:]]*//ip' "$cfgfile"`
-      port=`sed -n 's/^port[[:space:]]*//ip' "$cfgfile" | tail -n 1`
+      port=`sed -n 's/^port[[:space:]]*//ip' "$cfgfile" | head -n 1`
       for host in $hosts
       do
         if [ -z "$port" ] || (echo "$host" | grep -q ':' )
@@ -95,21 +95,21 @@ parsecfg()
   db_get nslcd/ldap-base
   if [ -z "$RET" ]
   then
-    searchbase=`sed -n 
's/^base[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 
1`
+    searchbase=`sed -n 
's/^base[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' "$cfgfile" | head -n 
1`
     [ -n "$searchbase" ] && db_set nslcd/ldap-base "$searchbase"
   fi
   # find binddn
   db_get nslcd/ldap-binddn
   if [ -z "$RET" ]
   then
-    binddn=`sed -n 's/^binddn[[:space:]]*//ip' "$cfgfile" | tail -n 1`
+    binddn=`sed -n 's/^binddn[[:space:]]*//ip' "$cfgfile" | head -n 1`
     db_set nslcd/ldap-binddn "$binddn"
   fi
   # find bindpw
   db_get nslcd/ldap-bindpw
   if [ -z "$RET" ]
   then
-    bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' "$cfgfile" | tail -n 1`
+    bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' "$cfgfile" | head -n 1`
     db_set nslcd/ldap-bindpw "$bindpw"
   fi
   # check ssl option
@@ -128,7 +128,7 @@ parsecfg()
   db_get nslcd/ldap-reqcert
   if [ -z "$RET" ]
   then
-    reqcert=`sed -n 
's/^tls_\(reqcert\|checkpeer\)[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\2/ip' 
"$cfgfile" | tail -n 1`
+    reqcert=`sed -n 
's/^tls_\(reqcert\|checkpeer\)[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\2/ip' 
"$cfgfile" | head -n 1`
     # normalise value
     reqcert=`echo "$reqcert" | tr 'A-Z' 'a-z' | sed 
's/^no$/never/;s/^yes$/demand/;s/^hard$/demand/'`
     [ -n "$reqcert" ] && db_set nslcd/ldap-reqcert "$reqcert"

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=4786002ae02d8157308eae66abb71d91fc4cf4ac

commit 4786002ae02d8157308eae66abb71d91fc4cf4ac
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu May 2 21:57:03 2013 +0000

    use the more portable EBADF instead of EBADFD (thanks Steven Chamberlain) 
(r1951 from 0.7)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1952 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/common/tio.c b/common/tio.c
index 245b7c6..0cda64f 100644
--- a/common/tio.c
+++ b/common/tio.c
@@ -185,7 +185,7 @@ static int tio_select(TFILE *fp, int readfd, const struct 
timeval *deadline)
     /* prepare our filedescriptorset */
     if (fp->fd>=FD_SETSIZE)
     {
-      errno=EBADFD;
+      errno=EBADF;
       return -1;
     }
     FD_ZERO(&fdset);
@@ -397,7 +397,7 @@ static int tio_flush_nonblock(TFILE *fp)
   /* prepare our filedescriptorset */
   if (fp->fd>=FD_SETSIZE)
   {
-    errno=EBADFD;
+    errno=EBADF;
     return -1;
   }
   FD_ZERO(&fdset);

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f1ae2a057de7dbbc2ab3c5b7dca0b182cbf91d6b

commit f1ae2a057de7dbbc2ab3c5b7dca0b182cbf91d6b
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Mon Feb 18 17:09:19 2013 +0000

    get files ready for 0.7.15+squeeze3 release
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1927 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/debian/changelog b/debian/changelog
index fcc2179..3d5cb02 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+nss-pam-ldapd (0.7.15+squeeze3) stable-security; urgency=high
+
+  * SECURITY FIX: Garth Mollett discovered that a file descriptor overflow
+                  issue in the use of FD_SET() in nss-pam-ldapd can lead
+                  to a stack-based buffer overflow (CVE-2013-0288)
+                  this bug has been fixed by extra range checking before
+                  calling FD_SET() (backported from 0.7.18) (closes: #690319)
+
+ -- Arthur de Jong <adejong@debian.org>  Fri, 15 Feb 2013 23:00:00 +0100
+
 nss-pam-ldapd (0.7.15+squeeze2) stable; urgency=low
 
   * support larger gecos values (closes: #640781) (backported from 0.7.17)

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=dbd5dfe1c642cc757dda1621495a2899cb6bbb46

commit dbd5dfe1c642cc757dda1621495a2899cb6bbb46
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Mon Feb 18 17:07:52 2013 +0000

    check if the file descriptor can be stored in the select() file descriptor 
set (r1781 from 0.8, r1782 from 0.7)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1926 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/common/tio.c b/common/tio.c
index 0914a4a..245b7c6 100644
--- a/common/tio.c
+++ b/common/tio.c
@@ -183,6 +183,11 @@ static int tio_select(TFILE *fp, int readfd, const struct 
timeval *deadline)
   while (1)
   {
     /* prepare our filedescriptorset */
+    if (fp->fd>=FD_SETSIZE)
+    {
+      errno=EBADFD;
+      return -1;
+    }
     FD_ZERO(&fdset);
     FD_SET(fp->fd,&fdset);
     /* figure out the time we need to wait */
@@ -390,6 +395,11 @@ static int tio_flush_nonblock(TFILE *fp)
   fd_set fdset;
   int rv;
   /* prepare our filedescriptorset */
+  if (fp->fd>=FD_SETSIZE)
+  {
+    errno=EBADFD;
+    return -1;
+  }
   FD_ZERO(&fdset);
   FD_SET(fp->fd,&fdset);
   /* set the timeout to 0 to poll */

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=db1609ae88070e03f4706e48c5781c4a4ea832f2

commit db1609ae88070e03f4706e48c5781c4a4ea832f2
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Sep 21 08:35:25 2012 +0000

    get files ready for 0.7.15+squeeze2 release
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1775 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/debian/changelog b/debian/changelog
index a0bee58..fcc2179 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+nss-pam-ldapd (0.7.15+squeeze2) stable; urgency=low
+
+  * support larger gecos values (closes: #640781) (backported from 0.7.17)
+  * fix two possible NULL pointer dereferences (backported from 0.7.17)
+  * increase buffer used for pam_authz_search as suggested by Chris J Arges
+    (backported from 0.7.16)
+  * fix logging of invalid pam_authz_search value (LP: #951343) (backported
+    from 0.7.16)
+  * implement proper range checking of numeric values returned from LDAP
+    (thanks Jakub Hrozek) (backported from 0.7.16)
+
+ -- Arthur de Jong <adejong@debian.org>  Fri, 21 Sep 2012 10:00:00 +0200
+
 nss-pam-ldapd (0.7.15+squeeze1) stable; urgency=low
 
   * fix an issue where changes in /etc/nsswitch.conf were not correctly

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=87505e69a19e3a544e4a18b5a236a79a89ca050c

commit 87505e69a19e3a544e4a18b5a236a79a89ca050c
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Sep 21 08:24:20 2012 +0000

    don't shrink the buffer for passwd shell value (was part of r1750)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1774 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index ec2d38b..ddbe8ce 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -299,7 +299,7 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const 
char *requser,
   gid_t gid;
   char gecos[1024];
   char homedir[256];
-  char shell[64];
+  char shell[100];
   int i,j;
   /* get the usernames for this entry */
   usernames=myldap_get_values(entry,attmap_passwd_uid);

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=a64cf12a336fe33d0e2d2ddd4c28981a78cae9c7

commit a64cf12a336fe33d0e2d2ddd4c28981a78cae9c7
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu Sep 20 18:36:04 2012 +0000

    fix log message for invalid pam_authz_search as reported by Matt Rae (based 
on r1628 from 0.8, r1629 from 0.7)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1773 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/nslcd/pam.c b/nslcd/pam.c
index a4fcf5a..d78ed8e 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -242,7 +242,7 @@ static int try_autzsearch(MYLDAP_SESSION *session,DICT 
*dict,const char *searchf
   if (expr_parse(searchfilter,filter_buffer,sizeof(filter_buffer),
                  autzsearch_var_get,(void *)dict)==NULL)
   {
-    log_log(LOG_ERR,"pam_authz_search \"%s\" is invalid",searchfilter);
+    log_log(LOG_ERR,"invalid pam_authz_search \"%s\"",searchfilter);
     return -1;
   }
   log_log(LOG_DEBUG,"trying pam_authz_search \"%s\"",filter_buffer);

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=6d11c9da714700bfc152f1fe79d88cacada8f571

commit 6d11c9da714700bfc152f1fe79d88cacada8f571
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu Sep 20 18:34:03 2012 +0000

    implements proper range checking numeric values returned from LDAP (thanks 
Jakub Hrozek) (r1523, r1524 and r1528 from 0.8, r1600 from 0.7)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1772 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/AUTHORS b/AUTHORS
index 315b5f1..8ec88d9 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -79,3 +79,4 @@ Leigh Wedding <lwedding@bigpond.com>
 Jan Schampera <jan.schampera@web.de>
 Nalin Dahyabhai <nalin@redhat.com>
 Daniel Dehennin <daniel.dehennin@baby-gnu.org>
+Jakub Hrozek <jhrozek@redhat.com>
diff --git a/configure.ac b/configure.ac
index 2062647..6ee43ac 100644
--- a/configure.ac
+++ b/configure.ac
@@ -222,7 +222,7 @@ AC_C_CONST
 AC_CHECK_FUNCS([sigaction snprintf])
 AC_CHECK_FUNCS(gethostbyname)
 AC_SEARCH_LIBS(socket,socket)
-AC_CHECK_FUNCS([strcasecmp strncasecmp strchr strcspn strspn strtol])
+AC_CHECK_FUNCS([strcasecmp strncasecmp strchr strcspn strspn strtol strtoul 
strtoull])
 AC_CHECK_FUNCS([malloc realloc])
 AC_FUNC_FORK
 
@@ -235,6 +235,11 @@ AC_TYPE_INT32_T
 AC_TYPE_UINT8_T
 AC_TYPE_UINT16_T
 AC_TYPE_UINT32_T
+AC_CHECK_SIZEOF(unsigned int)
+AC_CHECK_SIZEOF(unsigned long int)
+AC_CHECK_SIZEOF(unsigned long long int)
+AC_CHECK_SIZEOF(uid_t)
+AC_CHECK_SIZEOF(gid_t)
 
 # check for support for the __thread keyword
 AC_CACHE_CHECK([whether $CC supports '__thread'], [mn_cv_c___thread_supported],
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 1653c1a..4992c9a 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -442,8 +442,9 @@ static void get_uid(const char *filename,int lnr,
   char *tmp;
   
check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL);
   /* check if it is a valid numerical uid */
-  *var=(uid_t)strtol(token,&tmp,0);
-  if ((*token!='\0')&&(*tmp=='\0'))
+  errno=0;
+  *var=strtouid(token,&tmp,0);
+  if ((*token!='\0')&&(*tmp=='\0')&&(errno==0))
     return;
   /* find by name */
   pwent=getpwnam(token);
@@ -467,8 +468,9 @@ static void get_gid(const char *filename,int lnr,
   char *tmp;
   
check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL);
   /* check if it is a valid numerical gid */
-  *var=(gid_t)strtol(token,&tmp,0);
-  if ((*token!='\0')&&(*tmp=='\0'))
+  errno=0;
+  *var=strtogid(token,&tmp,0);
+  if ((*token!='\0')&&(*tmp=='\0')&&(errno==0))
     return;
   /* find by name */
   grent=getgrnam(token);
diff --git a/nslcd/common.c b/nslcd/common.c
index d88bb60..3e8b87d 100644
--- a/nslcd/common.c
+++ b/nslcd/common.c
@@ -3,7 +3,7 @@
    This file is part of the nss-pam-ldapd library.
 
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009 Arthur de Jong
+   Copyright (C) 2006, 2007, 2008, 2009, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -176,3 +176,20 @@ int read_address(TFILE *fp,char *addr,int *addrlen,int *af)
   /* we're done */
   return 0;
 }
+
+#ifdef WANT_STRTOUI
+/* provide a strtoui() implementation, similar to strtoul() but returning
+   an range-checked unsigned int instead */
+unsigned int strtoui(const char *nptr,char **endptr,int base)
+{
+  unsigned long val;
+  val=strtoul(nptr,endptr,base);
+  if (val>UINT_MAX)
+  {
+    errno=ERANGE;
+    return UINT_MAX;
+  }
+  /* If errno was set by strtoull, we'll pass it back as-is */
+  return (unsigned int)val;
+}
+#endif /* WANT_STRTOUI */
diff --git a/nslcd/common.h b/nslcd/common.h
index 1b2aa1c..e7710bf 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -3,7 +3,7 @@
    This file is part of the nss-pam-ldapd library.
 
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010 Arthur de Jong
+   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -94,6 +94,37 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char 
*uid);
 /* transforms the uid into a DN by doing an LDAP lookup */
 MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t 
buflen);
 
+/* provide strtouid() function alias */
+#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT
+#define strtouid (uid_t)strtoul
+#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_LONG_INT
+#define strtouid (uid_t)strtoull
+#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_INT
+#define WANT_STRTOUI 1
+#define strtouid (uid_t)strtoui
+#else
+#error unable to find implementation for strtouid()
+#endif
+
+/* provide strtouid() function alias */
+#if SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_INT
+#define strtogid (gid_t)strtoul
+#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_LONG_INT
+#define strtogid (gid_t)strtoull
+#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_INT
+#ifndef WANT_STRTOUI
+#define WANT_STRTOUI 1
+#endif
+#define strtogid (uid_t)strtoui
+#else
+#error unable to find implementation for strtogid()
+#endif
+
+#ifdef WANT_STRTOUI
+/* provide a strtoui() if it is needed */
+unsigned int strtoui(const char *nptr,char **endptr,int base);
+#endif /* WANT_STRTOUI */
+
 /* these are the functions for initialising the database specific
    modules */
 void alias_init(void);
diff --git a/nslcd/group.c b/nslcd/group.c
index dfbb8fa..8397fe2 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -251,13 +251,20 @@ static int write_group(TFILE *fp,MYLDAP_ENTRY 
*entry,const char *reqname,
     }
     for 
(numgids=0;(gidvalues[numgids]!=NULL)&&(numgids<MAXGIDS_PER_ENTRY);numgids++)
     {
-      gids[numgids]=(gid_t)strtol(gidvalues[numgids],&tmp,0);
+      errno=0;
+      gids[numgids]=strtogid(gidvalues[numgids],&tmp,0);
       if ((*(gidvalues[numgids])=='\0')||(*tmp!='\0'))
       {
         log_log(LOG_WARNING,"group entry %s contains non-numeric %s value",
                             myldap_get_dn(entry),attmap_group_gidNumber);
         return 0;
       }
+      else if (errno!=0)
+      {
+        log_log(LOG_WARNING,"group entry %s contains too large %s value",
+                            myldap_get_dn(entry),attmap_group_gidNumber);
+        return 0;
+      }
     }
   }
   /* get group passwd (userPassword) (use only first entry) */
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index 82c5062..ec2d38b 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -338,13 +338,20 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY 
*entry,const char *requser,
     }
     for 
(numuids=0;(numuids<MAXUIDS_PER_ENTRY)&&(tmpvalues[numuids]!=NULL);numuids++)
     {
-      uids[numuids]=(uid_t)strtol(tmpvalues[numuids],&tmp,0);
+      errno=0;
+      uids[numuids]=strtouid(tmpvalues[numuids],&tmp,0);
       if ((*(tmpvalues[numuids])=='\0')||(*tmp!='\0'))
       {
         log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",
                             myldap_get_dn(entry),attmap_passwd_uidNumber);
         return 0;
       }
+      else if (errno!=0)
+      {
+        log_log(LOG_WARNING,"passwd entry %s contains too large %s value",
+                            myldap_get_dn(entry),attmap_passwd_uidNumber);
+        return 0;
+      }
     }
   }
   /* get the gid for this entry */
@@ -355,13 +362,20 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY 
*entry,const char *requser,
                         myldap_get_dn(entry),attmap_passwd_gidNumber);
     return 0;
   }
-  gid=(gid_t)strtol(gidbuf,&tmp,0);
+  errno=0;
+  gid=strtogid(gidbuf,&tmp,0);
   if ((gidbuf[0]=='\0')||(*tmp!='\0'))
   {
     log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",
                         myldap_get_dn(entry),attmap_passwd_gidNumber);
     return 0;
   }
+  else if (errno!=0)
+  {
+    log_log(LOG_WARNING,"passwd entry %s contains too large %s value",
+                        myldap_get_dn(entry),attmap_passwd_gidNumber);
+    return 0;
+  }
   /* get the gecos for this entry */
   attmap_get_value(entry,attmap_passwd_gecos,gecos,sizeof(gecos));
   /* get the home directory for this entry */
diff --git a/nslcd/protocol.c b/nslcd/protocol.c
index 3760aa9..10cf166 100644
--- a/nslcd/protocol.c
+++ b/nslcd/protocol.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010 Arthur de Jong
+   Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -143,6 +143,7 @@ static int write_protocol(TFILE *fp,MYLDAP_ENTRY 
*entry,const char *reqname)
     log_log(LOG_WARNING,"protocol entry %s contains multiple %s values",
                         myldap_get_dn(entry),attmap_protocol_ipProtocolNumber);
   }
+  errno=0;
   proto=(int)strtol(protos[0],&tmp,0);
   if ((*(protos[0])=='\0')||(*tmp!='\0'))
   {
@@ -150,6 +151,12 @@ static int write_protocol(TFILE *fp,MYLDAP_ENTRY 
*entry,const char *reqname)
                         myldap_get_dn(entry),attmap_protocol_ipProtocolNumber);
     return 0;
   }
+  else if (errno!=0)
+  {
+    log_log(LOG_WARNING,"protocol entry %s contains too large %s value",
+                        myldap_get_dn(entry),attmap_protocol_ipProtocolNumber);
+    return 0;
+  }
   /* write entry */
   WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
   WRITE_STRING(fp,name);
diff --git a/nslcd/rpc.c b/nslcd/rpc.c
index 4ceb9c0..08d6a2c 100644
--- a/nslcd/rpc.c
+++ b/nslcd/rpc.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010 Arthur de Jong
+   Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -144,6 +144,7 @@ static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry,const 
char *reqname)
     log_log(LOG_WARNING,"rpc entry %s contains multiple %s values",
                         myldap_get_dn(entry),attmap_rpc_oncRpcNumber);
   }
+  errno=0;
   number=(int)strtol(numbers[0],&tmp,0);
   if ((*(numbers[0])=='\0')||(*tmp!='\0'))
   {
@@ -151,6 +152,12 @@ static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry,const 
char *reqname)
                         myldap_get_dn(entry),attmap_rpc_oncRpcNumber);
     return 0;
   }
+  else if (errno!=0)
+  {
+    log_log(LOG_WARNING,"rpc entry %s contains too large %s value",
+                        myldap_get_dn(entry),attmap_rpc_oncRpcNumber);
+    return 0;
+  }
   /* write the entry */
   WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
   WRITE_STRING(fp,name);
diff --git a/nslcd/service.c b/nslcd/service.c
index d55647b..be1a10c 100644
--- a/nslcd/service.c
+++ b/nslcd/service.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010 Arthur de Jong
+   Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -172,6 +172,7 @@ static int write_service(TFILE *fp,MYLDAP_ENTRY *entry,
     log_log(LOG_WARNING,"service entry %s contains multiple %s values",
                         myldap_get_dn(entry),attmap_service_ipServicePort);
   }
+  errno=0;
   port=(int)strtol(ports[0],&tmp,0);
   if ((*(ports[0])=='\0')||(*tmp!='\0'))
   {
@@ -179,6 +180,12 @@ static int write_service(TFILE *fp,MYLDAP_ENTRY *entry,
                         myldap_get_dn(entry),attmap_service_ipServicePort);
     return 0;
   }
+  else if (errno!=0)
+  {
+    log_log(LOG_WARNING,"service entry %s contains too large %s value",
+                        myldap_get_dn(entry),attmap_service_ipServicePort);
+    return 0;
+  }
   /* get protocols */
   protocols=myldap_get_values(entry,attmap_service_ipServiceProtocol);
   if ((protocols==NULL)||(protocols[0]==NULL))
diff --git a/nslcd/shadow.c b/nslcd/shadow.c
index c91165d..1e3f15a 100644
--- a/nslcd/shadow.c
+++ b/nslcd/shadow.c
@@ -128,22 +128,34 @@ static long to_date(const char *date,const char *attr)
       return 0; /* error */
     strncpy(buffer,date,l);
     buffer[l]='\0';
+    errno=0;
     value=strtol(date,&tmp,0);
     if ((*date=='\0')||(*tmp!='\0'))
     {
       log_log(LOG_WARNING,"shadow entry contains non-numeric %s value",attr);
       return 0;
     }
+    else if (errno!=0)
+    {
+      log_log(LOG_WARNING,"shadow entry contains too large %s value",attr);
+      return -1;
+    }
     return value/864-134774;
     /* note that AD does not have expiry dates but a lastchangeddate
        and some value that needs to be added */
   }
+  errno=0;
   value=strtol(date,&tmp,0);
   if ((*date=='\0')||(*tmp!='\0'))
   {
     log_log(LOG_WARNING,"shadow entry contains non-numeric %s value",attr);
     return 0;
   }
+  else if (errno!=0)
+  {
+    log_log(LOG_WARNING,"shadow entry contains too large %s value",attr);
+    return -1;
+  }
   return value;
 }
 
@@ -155,12 +167,19 @@ static long to_date(const char *date,const char *attr)
   tmpvalue=attmap_get_value(entry,attmap_shadow_##att,buffer,sizeof(buffer)); \
   if (tmpvalue==NULL) \
     tmpvalue=""; \
+  errno=0; \
   var=strtol(tmpvalue,&tmp,0); \
   if ((*(tmpvalue)=='\0')||(*tmp!='\0')) \
   { \
     log_log(LOG_WARNING,"shadow entry %s contains non-numeric %s value", \
                         myldap_get_dn(entry),attmap_shadow_##att); \
     return 0; \
+  } \
+  else if (errno!=0) \
+  { \
+    log_log(LOG_WARNING,"shadow entry %s contains too large %s value", \
+                        myldap_get_dn(entry),attmap_shadow_##att); \
+    return 0; \
   }
 
 #define GET_OPTIONAL_DATE(var,att) \

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=927a27faf2a934e615d58bdccbd265490146b90c

commit 927a27faf2a934e615d58bdccbd265490146b90c
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sat Sep 8 14:17:50 2012 +0000

    increase buffer for pam_authz_search as suggested by Chris J Arges (r1643 
from 0.8, r1648 from 0.7)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1753 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/nslcd/pam.c b/nslcd/pam.c
index cd5042e..a4fcf5a 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -2,7 +2,7 @@
    pam.c - pam processing routines
 
    Copyright (C) 2009 Howard Chu
-   Copyright (C) 2009, 2010 Arthur de Jong
+   Copyright (C) 2009, 2010, 2012 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -233,7 +233,7 @@ static const char *autzsearch_var_get(const char *name,void 
*expander_attr)
 
 static int try_autzsearch(MYLDAP_SESSION *session,DICT *dict,const char 
*searchfilter)
 {
-  char filter_buffer[1024];
+  char filter_buffer[4096];
   MYLDAP_SEARCH *search;
   MYLDAP_ENTRY *entry;
   static const char *attrs[2];

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=cb39645e9a9bb352c1c9cb8f82f01c541a9328f4

commit cb39645e9a9bb352c1c9cb8f82f01c541a9328f4
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sat Sep 8 13:09:38 2012 +0000

    fix possible NULL pointer dereference (r1591 from 0.8, r1730 from 0.7)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1752 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/nslcd/netgroup.c b/nslcd/netgroup.c
index 298b1ab..ee912a3 100644
--- a/nslcd/netgroup.c
+++ b/nslcd/netgroup.c
@@ -209,6 +209,12 @@ static int write_netgroup(TFILE *fp,MYLDAP_ENTRY *entry, 
const char *reqname)
   const char **members;
   /* get the netgroup name */
   names=myldap_get_values(entry,attmap_netgroup_cn);
+  if ((names==NULL)||(names[0]==NULL))
+  {
+    log_log(LOG_WARNING,"%s: %s: missing",
+                        myldap_get_dn(entry),attmap_netgroup_cn);
+    return 0;
+  }
   for (i=0;(names[i]!=NULL)&&(strcmp(reqname,names[i])!=0);i++)
     /* nothing here */ ;
   if (names[i]==NULL)

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=bd4b7360924a52cf7e79f34d90454d8f238700f1

commit bd4b7360924a52cf7e79f34d90454d8f238700f1
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sat Sep 8 13:08:51 2012 +0000

    fix possible NULL pointer dereference (r1589 from 0.8, r1728 from 0.7)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1751 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/nslcd/pam.c b/nslcd/pam.c
index e222219..cd5042e 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -107,8 +107,11 @@ static int validate_user(MYLDAP_SESSION *session,char 
*userdn,size_t userdnsz,
       /* get the username from the uid attribute */
       values=myldap_get_values(entry,attmap_passwd_uid);
       if ((values==NULL)||(values[0]==NULL))
+      {
         log_log(LOG_WARNING,"\"%s\": DN %s is missing a %s attribute",
                             username,userdn,attmap_passwd_uid);
+        return -1;
+      }
       value=values[0];
     }
     /* check the username */

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=6ff85733d6e3a50354fb1ff7ac3d3ab5b6825bee

commit 6ff85733d6e3a50354fb1ff7ac3d3ab5b6825bee
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sat Sep 8 13:06:33 2012 +0000

    grow gecos buffer size and consistency improvements to other buffers (r1540 
from 0.8 branch, r1727 from 0.7 branch)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1750 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/nslcd/network.c b/nslcd/network.c
index 89e0bea..7ed3895 100644
--- a/nslcd/network.c
+++ b/nslcd/network.c
@@ -65,7 +65,7 @@ static const char *network_attrs[3];
 static int mkfilter_network_byname(const char *name,
                                    char *buffer,size_t buflen)
 {
-  char safename[1024];
+  char safename[300];
   /* escape attribute */
   if (myldap_escape(name,safename,sizeof(safename)))
     return -1;
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index 1c4e8e4..82c5062 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -297,9 +297,9 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const 
char *requser,
   int numuids;
   char gidbuf[32];
   gid_t gid;
-  char gecos[100];
-  char homedir[100];
-  char shell[100];
+  char gecos[1024];
+  char homedir[256];
+  char shell[64];
   int i,j;
   /* get the usernames for this entry */
   usernames=myldap_get_values(entry,attmap_passwd_uid);

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=4db70dd0b3182cae690fee8cb21a7a8d51864dab

commit 4db70dd0b3182cae690fee8cb21a7a8d51864dab
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jan 20 16:59:48 2012 +0000

    get files ready for 0.7.15+squeeze1 release
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1608 
ef36b2f9-881f-0410-afb5-c4e39611909c

diff --git a/debian/changelog b/debian/changelog
index fdaa28c..a0bee58 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+nss-pam-ldapd (0.7.15+squeeze1) stable; urgency=low
+
+  * fix an issue where changes in /etc/nsswitch.conf were not correctly
+    picked up and could lead to lookups being disabled on upgrade
+    (closes: #645599)
+  * fix an issue with detecting the uid of the calling process
+  * fix a problem in the disconnect logic code
+
+ -- Arthur de Jong <adejong@debian.org>  Fri, 20 Jan 2012 15:30:00 +0100
+
 nss-pam-ldapd (0.7.15) stable; urgency=low
 
   * in debconf, treat the "hard" value for tls_reqcert as if it was "demand"

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=c31ade370e1e4e424e924cac53c600ca654976a4

commit c31ade370e1e4e424e924cac53c600ca654976a4
Merge: c02c2a9 b04706b
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jan 20 14:34:13 2012 +0000

    fix a typo in disconnect logic (merged r1561 from 0.7 branch, part of r1560 
from 0.8)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1602 
ef36b2f9-881f-0410-afb5-c4e39611909c


https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=c02c2a9cbf89daa3bc8f2efeaf0f5ec41cca7983

commit c02c2a9cbf89daa3bc8f2efeaf0f5ec41cca7983
Merge: c8800c0 22c302f
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jan 20 14:25:28 2012 +0000

    ensure that uid, gid and pid vars are properly initialised (merged r1559 
from 0.7 branch, part of r1558 from 0.8)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1601 
ef36b2f9-881f-0410-afb5-c4e39611909c


https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=c8800c092636b53129d115482fd4f6c8b1bc8738

commit c8800c092636b53129d115482fd4f6c8b1bc8738
Merge: 3d2a45f 8ee9eb9
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jan 20 10:30:45 2012 +0000

    fix an issues where changes to /etc/nsswitch.conf outside of debconf were 
not picked up (merged r1555 from 0.7 branch, like r1597 from 0.8)
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1599 
ef36b2f9-881f-0410-afb5-c4e39611909c


https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=3d2a45f9d31688b6f2dafc43c7a4a734ed3e1da4

commit 3d2a45f9d31688b6f2dafc43c7a4a734ed3e1da4
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jan 20 10:24:34 2012 +0000

    make a 0.7.15+squeeze branch to track updates to the Debian squeeze version
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15+squeeze@1598 
ef36b2f9-881f-0410-afb5-c4e39611909c

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=47e938bc1246d6058f5be31d8f7dede9538f8437

commit 47e938bc1246d6058f5be31d8f7dede9538f8437
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Oct 2 09:47:22 2011 +0000

    release 0.7.15
    
    git-svn-id: 
http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7.15@1550 
ef36b2f9-881f-0410-afb5-c4e39611909c

-----------------------------------------------------------------------


hooks/post-receive
-- 
nss-pam-ldapd
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-commits/