source: npl/system/nss_ldap/patches/uid_t.patch @ 439f083

Last change on this file since 439f083 was c5c522c, checked in by Edwin Eefting <edwin@datux.nl>, 8 years ago

initial commit, transferred from cleaned syn3 svn tree
  • Property mode set to 100644
File size: 1.1 KB

  • ldap-pwd.c 

    Description: Fixed possible overflow in uid/gid handling
Bug-Debian: http://bugs.debian.org/354093
    a b _nss_ldap_parse_pw (LDAPMessage * e, 
    8686  struct passwd *pw = (struct passwd *) result;
    8787  char *uid, *gid;
    8888  NSS_STATUS stat;
    89   char tmpbuf[sizeof "-4294967295"];
     89  char tmpbuf[ sizeof( uid_t ) * 8 / 3 + 2 ];
    9090  size_t tmplen;
    9191  char *tmp;
    9292
     93  tmpbuf[ sizeof(tmpbuf) - 1 ] = '\0';
     94
    9395  if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS)
    9496    {
    9597      /* don't include password for shadowAccount */
    _nss_ldap_parse_pw (LDAPMessage * e, 
    117119    return stat;
    118120
    119121  tmp = tmpbuf;
    120   tmplen = sizeof (tmpbuf);
     122  tmplen = sizeof (tmpbuf) - 1;
    121123  stat =
    122124    _nss_ldap_assign_attrval (e, AT (uidNumber), &uid, &tmp, &tmplen);
    123125  if (stat != NSS_SUCCESS)
    _nss_ldap_parse_pw (LDAPMessage * e, 
    133135    }
    134136
    135137  tmp = tmpbuf;
    136   tmplen = sizeof (tmpbuf);
     138  tmplen = sizeof (tmpbuf) - 1;
    137139  stat =
    138140    _nss_ldap_assign_attrval (e, ATM (LM_PASSWD, gidNumber), &gid, &tmp,
    139141                              &tmplen);
Note: See TracBrowser for help on using the repository browser.