The branch, master has been updated
       via  ddac6b2eb4a util: Reallocate larger buffer if getpwuid_r() returns 
ERANGE
       via  847208cd8ac util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
       via  922bce26689 util: Simplify input validation
      from  7e36b1ec2e6 s3:libads: remove unused "GSSAPI" support

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ddac6b2eb4adaec8fc5e25ca07387d2b9417764c
Author: Martin Schwenke <[email protected]>
Date:   Fri Jun 5 22:05:42 2020 +1000

    util: Reallocate larger buffer if getpwuid_r() returns ERANGE
    
    Signed-off-by: Martin Schwenke <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>
    
    Autobuild-User(master): Martin Schwenke <[email protected]>
    Autobuild-Date(master): Tue Jun  9 21:07:24 UTC 2020 on sn-devel-184

commit 847208cd8ac68c4c7d1dae63767820db1c69292b
Author: Martin Schwenke <[email protected]>
Date:   Fri Jun 5 21:52:23 2020 +1000

    util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
    
    NSS_BUFLEN_PASSWD is not defined on FreeBSD.  Use
    sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX.
    
    Use a dynamically allocated buffer instead of trying to cram all of
    the logic into the declarations.  This will come in useful later
    anyway.
    
    Signed-off-by: Martin Schwenke <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 922bce2668994dd2a5988c17060f977e9bb0c229
Author: Martin Schwenke <[email protected]>
Date:   Tue Jun 9 11:52:50 2020 +1000

    util: Simplify input validation
    
    It appears that snprintf(3) is being used for input validation.
    However, this seems like overkill because it causes szPath to be
    copied an extra time.  The most likely protections being sought
    here, according to https://cwe.mitre.org/data/definitions/20.html,
    look to be DoS attacks involving CPU and memory usage.  A simpler
    check that uses strnlen(3) can mitigate against both of these and is
    simpler.
    
    Signed-off-by: Martin Schwenke <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 lib/util/util_paths.c | 47 ++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 38 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
index c0ee5c32c30..72cc0aab8de 100644
--- a/lib/util/util_paths.c
+++ b/lib/util/util_paths.c
@@ -68,25 +68,54 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
 {
        struct passwd pwd = {0};
        struct passwd *pwdbuf = NULL;
-       char buf[NSS_BUFLEN_PASSWD] = {0};
+       char *buf = NULL;
+       char *out = NULL;
+       long int initlen;
+       size_t len;
        int rc;
 
-       rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
+       initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
+       if (initlen == -1) {
+               len = 1024;
+       } else {
+               len = (size_t)initlen;
+       }
+       buf = talloc_size(mem_ctx, len);
+       if (buf == NULL) {
+               return NULL;
+       }
+
+       rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
+       while (rc == ERANGE) {
+               size_t newlen = 2 * len;
+               if (newlen < len) {
+                       /* Overflow */
+                       goto done;
+               }
+               len = newlen;
+               buf = talloc_realloc_size(mem_ctx, buf, len);
+               if (buf == NULL) {
+                       goto done;
+               }
+               rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
+       }
        if (rc != 0 || pwdbuf == NULL ) {
-               int len_written;
                const char *szPath = getenv("HOME");
                if (szPath == NULL) {
-                       return NULL;
+                       goto done;
                }
-               len_written = snprintf(buf, sizeof(buf), "%s", szPath);
-               if (len_written >= sizeof(buf) || len_written < 0) {
-                       /* Output was truncated or an error. */
+               len = strnlen(szPath, PATH_MAX);
+               if (len >= PATH_MAX) {
                        return NULL;
                }
-               return talloc_strdup(mem_ctx, buf);
+               out = talloc_strdup(mem_ctx, szPath);
+               goto done;
        }
 
-       return talloc_strdup(mem_ctx, pwd.pw_dir);
+       out = talloc_strdup(mem_ctx, pwd.pw_dir);
+done:
+       TALLOC_FREE(buf);
+       return out;
 }
 
 char *path_expand_tilde(TALLOC_CTX *mem_ctx, const char *d)
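Review bot: The `return NULL;` left in the `len >= PATH_MAX` branch is the one exit that skips the new `done:` label, so `TALLOC_FREE(buf)` never runs there and `buf` stays parented to `mem_ctx` until the caller frees that context; it should be `goto done;` like the other exits. In the ERANGE loop, assigning the result of `talloc_realloc_size()` straight to `buf` has the same effect when the reallocation fails: the original chunk is still allocated but its pointer has been overwritten with NULL, so `done:` has nothing to free. The loop also has no ceiling short of `size_t` wrap-around, so a passwd backend that keeps answering ERANGE pushes the allocation size up until one fails; a fixed cap would bound that. It is also worth deciding whether those failure paths should still try the `HOME` lookup rather than return NULL. The excerpt below keeps the doubling and changes only the failure handling.

```c
	while (rc == ERANGE) {
		char *tmp = NULL;
		size_t newlen = 2 * len;
		/* … unchanged: newlen < len overflow check … */
		tmp = talloc_realloc_size(mem_ctx, buf, newlen);
		if (tmp == NULL) {
			/* buf is still valid; done: releases it */
			goto done;
		}
		buf = tmp;
		len = newlen;
		rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
	}
	/* … unchanged: rc/pwdbuf check and getenv("HOME") lookup … */
		len = strnlen(szPath, PATH_MAX);
		if (len >= PATH_MAX) {
			goto done;
		}
```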


-- 
Samba Shared Repository
