Changeset 428 for trunk/src


Ignore:
Timestamp:
Mar 12, 2013, 9:42:07 PM (12 years ago)
Author:
katerina
Message:

Fix for ticket #335 (warn if buffer for group reading is too small).

Location:
trunk/src
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/sh_static.c

    r252 r428  
    7676
    7777#define PWD_BUFFER_SIZE 256
    78 #define GRP_BUFFER_SIZE 256
     78#define GRP_BUFFER_SIZE 3584
     79#define GRP_BUFFER_SIZE_MALLOC 32768
    7980
    8081/**********************************************************************/
     
    467468        char **m;
    468469        struct group group;
    469         char buff[PWD_BUFFER_SIZE];
     470
     471        char * buff = malloc(GRP_BUFFER_SIZE_MALLOC);
    470472
    471473        rv = -1;
     
    481483                num_groups = 1;
    482484
    483                 while (!__pgsreader(__parsegrent, &group, buff, sizeof(buff), grf)) {
     485                while (!__pgsreader(__parsegrent, &group, buff, GRP_BUFFER_SIZE_MALLOC, grf)) {
    484486                        assert(group.gr_mem); /* Must have at least a NULL terminator. */
    485487                        if (group.gr_gid != gid) {
     
    511513         * warnings from various malloc debuggers. */
    512514        free(group_list);
     515        free(buff);
    513516        return rv;
    514517}
     
    699702                                line_buff[line_len] = 0;
    700703                        } else if (line_len + 2 == buflen) { /* line too long */
     704                                rv = ERANGE;
     705                                break;
     706                                /*
    701707                                ++skip;
    702708                                continue;
     709                                */
    703710                        }
    704711

  • trunk/src/sh_unix.c

    r425 r428  
    10071007  struct group *           w;
    10081008  gid_t                    gid  = 0;
     1009  int                      status = 0;
    10091010
    10101011#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
     
    10351036#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
    10361037      buffer = SH_ALLOC(SH_GRBUF_SIZE);
    1037       sh_getgrnam_r(g, &grp, buffer, SH_GRBUF_SIZE, &w);
     1038      status = sh_getgrnam_r(g, &grp, buffer, SH_GRBUF_SIZE, &w);
    10381039#else
     1040      errno = 0;
    10391041      w = sh_getgrnam(g);
    1040 #endif
    1041 
    1042       if (w == NULL)
     1042      status = errno;
     1043#endif
     1044
     1045      if ((status == ERANGE) && (w == NULL))
     1046        {
     1047          static int seen = 0;
     1048         
     1049          if (seen == 0)
     1050            {
     1051              char errbuf[SH_ERRBUF_SIZE];
     1052
     1053              sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_GRNULL,
     1054                               sh_error_message(status, errbuf, sizeof(errbuf)),
     1055                               _("sh_group_to_gid"), (long) -1, _("line too long in group entry"));
     1056              ++seen;
     1057            }
     1058          *fail = -1;
     1059        }
     1060      else if (w == NULL)
    10431061        {
    10441062          char * tmp = sh_util_strdup(g);
     
    28812899#endif
    28822900
     2901  if (status == ERANGE)
     2902    {
     2903      static int seen = 0;
     2904
     2905      if (seen == 0)
     2906        {
     2907          sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_GRNULL,
     2908                           sh_error_message(status, errbuf, sizeof(errbuf)),
     2909                           _("getgrgid"), (long) gid, _("line too long in group entry"));
     2910          ++seen;
     2911        }
     2912     
     2913#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R)
     2914      SH_FREE(buffer);
     2915#endif
     2916
     2917      sh_userid_add(gid, NULL, CACHE_GID);
     2918      SL_RETURN( NULL, _("sh_unix_getGIDname"));
     2919    }
     2920
    28832921  if (tempres == NULL)
    28842922    {

  • trunk/src/trustfile.c

    r230 r428  
    414414 */
    415415/* not static to circumvent stupid gcc 4 bug */
    416 int isingrp(gid_t grp, uid_t *ulist)
     416int isingrp(gid_t grp, uid_t *ulist, int * errval)
    417417{
    418418  struct passwd *w;             /* info about group member */
     
    420420  register char **p;            /* points to current group member */
    421421  struct group *g;              /* pointer to group information */
     422
     423  int status;
    422424 
    423425#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R)
     
    430432  SL_ENTER(_("isingrp"));
    431433
     434  *errval = 0;
     435
    432436#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R)
    433437  buffer = malloc(SH_GRBUF_SIZE);
    434   sh_getgrgid_r(grp, &gr, buffer, SH_GRBUF_SIZE, &g);
    435 #else
     438  status = sh_getgrgid_r(grp, &gr, buffer, SH_GRBUF_SIZE, &g);
     439#else
     440  errno = 0;
    436441  g = sh_getgrgid(grp);
     442  status = errno;
    437443#endif
    438444
    439445  if (g == NULL)
    440446    {
     447      if (status == ERANGE)
     448        *errval = status;
     449
    441450      goto end_false;
    442451    }
     
    510519 */
    511520/* not static to circumvent stupid gcc 4 bug */
    512 int onlytrustedingrp(gid_t grp, uid_t *ulist)
     521int onlytrustedingrp(gid_t grp, uid_t *ulist, int * errval)
    513522{
    514523  struct passwd *w;             /* info about group member */
     
    518527  register int flag = -1;       /* group member found */
    519528
     529  int status;
     530
    520531#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R)
    521532  struct group    gr;
     
    529540  SL_ENTER(_("onlytrustedingrp"));
    530541
     542  *errval = 0;
     543
    531544#ifdef TRUST_DEBUG
    532545  fprintf(stderr, "trustfile: group writeable, group_gid: %ld\n",
     
    536549#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R)
    537550  buffer = malloc(SH_GRBUF_SIZE);
    538   sh_getgrgid_r(grp, &gr, buffer, SH_GRBUF_SIZE, &g);
    539 #else
     551  status = sh_getgrgid_r(grp, &gr, buffer, SH_GRBUF_SIZE, &g);
     552#else
     553  errno = 0;
    540554  g = sh_getgrgid(grp);
     555  status = errno;
    541556#endif
    542557
    543558  if (g == NULL)
    544559    {
     560      if (status == ERANGE)
     561        *errval = status;
     562
    545563#ifdef TRUST_DEBUG
    546564      fprintf(stderr,
     
    722740  char c;                       /* used to hold temp char          */
    723741 
     742  int errgrp = 0;
     743
    724744  SL_ENTER(_("sl_trustfile"));
    725745  if (fname == NULL)
     
    10101030       */
    10111031      if (((stbuf.st_mode & S_IWGRP) == S_IWGRP) &&
    1012           ((okusers != NULL && !onlytrustedingrp((gid_t)stbuf.st_gid,okusers))||
    1013            (badusers != NULL && isingrp((gid_t)stbuf.st_gid, badusers)))
     1032          ((okusers != NULL && !onlytrustedingrp((gid_t)stbuf.st_gid,okusers,&errgrp))||
     1033           (badusers != NULL && isingrp((gid_t)stbuf.st_gid, badusers,&errgrp)))
    10141034#ifdef STICKY
    10151035          && ((stbuf.st_mode&S_IFDIR) != S_IFDIR ||
     
    10351055          tf_badgid = (gid_t) stbuf.st_gid;
    10361056          free(fexp);
    1037           SL_IRETURN(SL_EBADGID, _("sl_trustfile"));
     1057          SL_IRETURN((errgrp == ERANGE) ? SL_ERANGE : SL_EBADGID, _("sl_trustfile"));
    10381058        }
    10391059      /*
Note: See TracChangeset for help on using the changeset viewer.