The branch, master has been updated
via b10d23b nwrap: Better check service string sanity.
via db42fc7 nwrap: Fix memory leak in nwrap_gethostbyname_r()
via 7cc2b35 nwrap: Fix memory leak in nwrap_files_gethostbyname()
from dcc2c37 nwrap: Fix memory leak in nwrap_he_unload()
https://git.samba.org/?p=nss_wrapper.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b10d23be266109e2569b4f814d554fc2b706a2a3
Author: Robin Hack <[email protected]>
Date: Tue Oct 13 14:41:14 2015 +0200
nwrap: Better check service string sanity.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11501
Patch use strtol() instead of atoi() to convert strings to numbers.
This helps better check sanity of service input string.
Signed-off-by: Robin Hack <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit db42fc7286ed2de4b9a3d14ce76ebd55ac5c5d48
Author: Robin Hack <[email protected]>
Date: Mon Oct 12 10:36:04 2015 +0200
nwrap: Fix memory leak in nwrap_gethostbyname_r()
Fix reimplements how memory is used.
Results from vector are copied to user provided buf.
Signed-off-by: Robin Hack <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 7cc2b350274a2fbad6aee25fd0374827e34f3a1d
Author: Robin Hack <[email protected]>
Date: Thu Oct 8 15:27:47 2015 +0200
nwrap: Fix memory leak in nwrap_files_gethostbyname()
Signed-off-by: Robin Hack <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
src/nss_wrapper.c | 79 ++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 55 insertions(+), 24 deletions(-)
Changeset truncated at 500 lines:
diff --git a/src/nss_wrapper.c b/src/nss_wrapper.c
index 3496162..21fc108 100644
--- a/src/nss_wrapper.c
+++ b/src/nss_wrapper.c
@@ -604,6 +604,8 @@ struct nwrap_vector {
item != NULL; \
(item) = (vect).items[++iter])
+#define nwrap_vector_is_initialized(vector) ((vector)->items != NULL)
+
static inline bool nwrap_vector_init(struct nwrap_vector *const vector)
{
if (vector == NULL) {
@@ -3323,10 +3325,16 @@ static int nwrap_files_gethostbyname(const char *name,
int af,
SAFE_FREE(h_name_lower);
/* Always cleanup vector and results */
- if (!nwrap_vector_init(addr_list)) {
- NWRAP_LOG(NWRAP_LOG_DEBUG,
- "Unable to initialize memory for addr_list vector");
- goto no_ent;
+ if (!nwrap_vector_is_initialized(addr_list)) {
+ if (!nwrap_vector_init(addr_list)) {
+ NWRAP_LOG(NWRAP_LOG_DEBUG,
+ "Unable to initialize memory for addr_list
vector");
+ goto no_ent;
+ }
+ } else {
+ /* When vector is initialized data are valid no more.
+ * Quick way how to free vector is: */
+ addr_list->count = 0;
}
/* Iterate through results */
@@ -3398,7 +3406,21 @@ static int nwrap_gethostbyname_r(const char *name,
return -1;
}
- memset(buf, '\0', buflen);
+ if (buflen < (addr_list->count * sizeof(void *))) {
+ SAFE_FREE(addr_list->items);
+ SAFE_FREE(addr_list);
+ return ERANGE;
+ }
+
+ /* Copy all to user provided buffer and change
+ * pointers in returned structure.
+ * +1 is for ending NULL pointer. */
+ memcpy(buf, addr_list->items, (addr_list->count + 1) * sizeof(void *));
+
+ free(addr_list->items);
+ free(addr_list);
+
+ ret->h_addr_list = (char **)buf;
*result = ret;
return 0;
}
@@ -5055,33 +5077,42 @@ static int nwrap_getaddrinfo(const char *node,
}
if (service != NULL && service[0] != '\0') {
- if (isdigit((int)service[0])) {
- port = (unsigned short)atoi(service);
- } else {
- const char *proto = NULL;
- struct servent *s;
+ const char *proto = NULL;
+ struct servent *s;
+ char *end_ptr;
+ long sl;
- if (hints->ai_protocol != 0) {
- struct protoent *pent;
+ errno = 0;
+ sl = strtol(service, &end_ptr, 10);
- pent = getprotobynumber(hints->ai_protocol);
- if (pent != NULL) {
- proto = pent->p_name;
- }
+ if (*end_ptr == '\0' || end_ptr != service) {
+ port = sl;
+ goto valid_port;
+ } else if (hints->ai_flags & AI_NUMERICSERV) {
+ return EAI_SERVICE;
+ }
+
+ if (hints->ai_protocol != 0) {
+ struct protoent *pent;
+
+ pent = getprotobynumber(hints->ai_protocol);
+ if (pent != NULL) {
+ proto = pent->p_name;
}
+ }
- s = getservbyname(service, proto);
- if (s != NULL) {
- port = ntohs(s->s_port);
- } else {
- if (p != NULL) {
- freeaddrinfo(p);
- }
- return EAI_SERVICE;
+ s = getservbyname(service, proto);
+ if (s != NULL) {
+ port = ntohs(s->s_port);
+ } else {
+ if (p != NULL) {
+ freeaddrinfo(p);
}
+ return EAI_SERVICE;
}
}
+valid_port:
rc = 0;
if (hints->ai_family == AF_UNSPEC || hints->ai_family == AF_INET) {
rc = inet_pton(AF_INET, node, &addr.in.v4);
--
NSS Wrapper Repository
