URL: https://github.com/SSSD/sssd/pull/455 Title: #455: mmap_cache: make checks independent of input size
mzidek-rh commented: """ Just two really minor nitpicks (typo in word 'relative' and missing space around '+'): ``` diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index 5c87484..3441c79 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -550,7 +550,7 @@ static struct sss_mc_rec *sss_mc_find_record(struct sss_mc_ctx *mcc, safealign_memcpy(&name_ptr, rec->data, sizeof(rel_ptr_t), NULL); t_key = (char *)rec->data + name_ptr; /* name_ptr must point to some data in the strs/gids area of the data - * payload. Since it is a pointer realtive to rec->data it must larger + * payload. Since it is a pointer relative to rec->data it must larger * equal strs_offset and must be smaller then strs_offset + strs_len. * Additionally the area must not end outside of the data table and * t_key must be a zero-terminates string. */ diff --git a/src/sss_client/nss_mc_group.c b/src/sss_client/nss_mc_group.c index dd925a4..4b1601a 100644 --- a/src/sss_client/nss_mc_group.c +++ b/src/sss_client/nss_mc_group.c @@ -157,7 +157,7 @@ errno_t sss_nss_mc_getgrnam(const char *name, size_t name_len, if (data->name < strs_offset || data->name >= strs_offset + data->strs_len || data->strs_len > rec->len - || (uint8_t *) rec+ rec->len > gr_mc_ctx.data_table + data_size + || (uint8_t *) rec + rec->len > gr_mc_ctx.data_table + data_size || memchr(rec_name, '\0', (strs_offset + data->strs_len) - data->name) == NULL) { ret = ENOENT; ``` """ See the full comment at https://github.com/SSSD/sssd/pull/455#issuecomment-345783134
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org