URL: https://github.com/SSSD/sssd/pull/449
Author: amitkumar50
 Title: #449: cache: Check for max_id/min_id in cache_req
Action: opened

PR body:
"""
The cache_req code doesn't check the min_id/max_id
boundaries for requests by ID.
Extend the .lookup_fn function in each plugin
that searches by ID with a check that returns 0
if the entry is out of range.

Resolves: https://pagure.io/SSSD/sssd/issue/3569
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/449/head:pr449
git checkout pr449
From f9956e4f19325fca294f941b1a18bae9567afc03 Mon Sep 17 00:00:00 2001
From: amitkuma <amitk...@redhat.com>
Date: Tue, 14 Nov 2017 16:44:06 +0530
Subject: [PATCH] cache: Check for max_id/min_id in cache_req

The cache_req code doesn't check the min_id/max_id
boundaries for requests by ID.
Extend the .lookup_fn function in each plugin
that searches by ID with a check that returns 0
if the entry is out of range.

Resolves: https://pagure.io/SSSD/sssd/issue/3569
---
 src/db/sysdb_ops.c    |  4 +++-
 src/db/sysdb_search.c | 12 ++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 1539c41c9..1fa493dd8 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -4909,7 +4909,9 @@ errno_t sysdb_search_object_by_id(TALLOC_CTX *mem_ctx,
     if (filter == NULL) {
         return ENOMEM;
     }
-
+    if (id > 20000 || id < 0) {
+        return 0;
+    }
     ret = sysdb_search_object_attr(mem_ctx, domain, filter, attrs, true, res);
 
     talloc_free(filter);
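Review bot: The bound in `if (id > 20000 || id < 0)` is a literal, although the commit message says the check enforces the configured min_id/max_id; the same literal is repeated in the sysdb_getpwuid_with_views and sysdb_getgrgid_with_views hunks. `domain` is already in scope (it is passed to sysdb_search_object_attr on the next line), so the comparison should use the domain's configured limits (presumably `domain->id_min` / `domain->id_max`, to be confirmed against the struct, which is not visible here). Otherwise an administrator's range meant to keep directory entries from overlapping local or system IDs is ignored. The early `return 0;` also sits after the `filter == NULL` check, so the allocated `filter` skips the `talloc_free(filter)` below and the caller is told the search succeeded while this function has not set `*res`. Doing the range test before the filter is built and returning a not-found code such as `ENOENT` avoids both; the function body starts and ends outside this hunk, so confirm how callers treat that code.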
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 808396690..1d52b4fcb 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -364,7 +364,7 @@ errno_t sysdb_getpwuid_with_views(TALLOC_CTX *mem_ctx,
                                   uid_t uid,
                                   struct ldb_result **res)
 {
-    int ret;
+    int ret = 0;
     struct ldb_result *orig_obj = NULL;
     struct ldb_result *override_obj = NULL;
     TALLOC_CTX *tmp_ctx;
@@ -374,7 +374,9 @@ errno_t sysdb_getpwuid_with_views(TALLOC_CTX *mem_ctx,
         DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
         return ENOMEM;
     }
-
+    if (uid > 20000 || uid < 0) {
+        goto done;
+    }
     /* If there are views we first have to search the overrides for matches */
     if (DOM_HAS_VIEWS(domain)) {
         ret = sysdb_search_user_override_by_uid(tmp_ctx, domain, uid,
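Review bot: `uid < 0` can never be true, because `uid` is declared `uid_t` in the signature and that type is unsigned on Linux; only the upper bound is enforced, and an entry with ID 0 still passes the filter. The lower limit has to be a real configured minimum compared as an unsigned value. The `goto done` path also relies on the new `int ret = 0;`, so unless the `done:` label (outside this hunk) assigns `*res`, the caller receives success with an unset result; `ret = ENOENT;` before the jump would make the rejection explicit. Both points apply equally to the `gid` check in the sysdb_getgrgid_with_views hunk, where the parameter is presumably `gid_t`.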
@@ -949,7 +951,7 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
                               struct ldb_result **res)
 {
     TALLOC_CTX *tmp_ctx;
-    int ret;
+    int ret = 0;
     struct ldb_result *orig_obj = NULL;
     struct ldb_result *override_obj = NULL;
     struct ldb_message_element *el;
@@ -958,7 +960,9 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
     if (!tmp_ctx) {
         return ENOMEM;
     }
-
+    if (gid > 20000 || gid < 0) {
+        goto done;
+    }
     /* If there are views we first have to search the overrides for matches */
     if (DOM_HAS_VIEWS(domain)) {
         ret = sysdb_search_group_override_by_gid(tmp_ctx, domain, gid,