Skip to content

Commit

Permalink
Check size of destination for strncat calls.
Browse files Browse the repository at this point in the history 
Avoid stringop-overflow warning.
  • Loading branch information
@jaqx0r
jaqx0r committed Oct 23, 2021
1 parent 549a0bc commit 2e2b27a
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 13 deletions.
9 changes: 6 additions & 3 deletions gen_getent.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,8 @@ static int gen_getpwent_data(void) {
int ret;

strncpy(filename, PASSWD_FILE, NSS_CACHE_PATH_LENGTH - 4);
strncat(filename, ".out", 4);
int n = strlen(filename);
strncat(filename, ".out", NSS_CACHE_PATH_LENGTH - n - 1);
output = fopen(filename, "w");

if (output == NULL) {
Expand All @@ -217,7 +218,8 @@ static int gen_getgrent_data(void) {
int ret;

strncpy(filename, GROUP_FILE, NSS_CACHE_PATH_LENGTH - 4);
strncat(filename, ".out", 4);
int n = strlen(filename);
strncat(filename, ".out", NSS_CACHE_PATH_LENGTH - n - 1);
output = fopen(filename, "w");

if (output == NULL) {
Expand All @@ -242,7 +244,8 @@ static int gen_getspent_data(void) {
int ret;

strncpy(filename, SHADOW_FILE, NSS_CACHE_PATH_LENGTH - 4);
strncat(filename, ".out", 4);
int n = strlen(filename);
strncat(filename, ".out", NSS_CACHE_PATH_LENGTH - n - 1);
output = fopen(filename, "w");

if (output == NULL) {
Expand Down
25 changes: 15 additions & 10 deletions nss_cache.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -346,11 +346,12 @@ enum nss_status _nss_cache_getpwuid_r(uid_t uid, struct passwd *result,
enum nss_status ret;

strncpy(filename, p_filename, NSS_CACHE_PATH_LENGTH - 1);
if (strlen(filename) > NSS_CACHE_PATH_LENGTH - 7) {
int n = strlen(filename);
if (n > NSS_CACHE_PATH_LENGTH - 7) {
DEBUG("filename too long\n");
return NSS_STATUS_UNAVAIL;
}
strncat(filename, ".ixuid", 6);
strncat(filename, ".ixuid", NSS_CACHE_PATH_LENGTH - n - 1);

args.sorted_filename = filename;
args.system_filename = p_filename;
Expand Down Expand Up @@ -408,12 +409,13 @@ enum nss_status _nss_cache_getpwnam_r(const char *name, struct passwd *result,
strncpy(pw_name, name, strlen(name) + 1);

strncpy(filename, p_filename, NSS_CACHE_PATH_LENGTH - 1);
if (strlen(filename) > NSS_CACHE_PATH_LENGTH - 8) {
int n = strlen(filename);
if (n > NSS_CACHE_PATH_LENGTH - 8) {
DEBUG("filename too long\n");
free(pw_name);
return NSS_STATUS_UNAVAIL;
}
strncat(filename, ".ixname", 7);
strncat(filename, ".ixname", NSS_CACHE_PATH_LENGTH - n - 1);

args.sorted_filename = filename;
args.system_filename = p_filename;
Expand Down Expand Up @@ -629,11 +631,12 @@ enum nss_status _nss_cache_getgrgid_r(gid_t gid, struct group *result,
}

strncpy(filename, g_filename, NSS_CACHE_PATH_LENGTH - 1);
if (strlen(filename) > NSS_CACHE_PATH_LENGTH - 7) {
int n = strlen(filename);
if (n > NSS_CACHE_PATH_LENGTH - 7) {
DEBUG("filename too long\n");
return NSS_STATUS_UNAVAIL;
}
strncat(filename, ".ixgid", 6);
strncat(filename, ".ixgid", NSS_CACHE_PATH_LENGTH - n - 1);

args.sorted_filename = filename;
args.system_filename = g_filename;
Expand Down Expand Up @@ -691,12 +694,13 @@ enum nss_status _nss_cache_getgrnam_r(const char *name, struct group *result,
strncpy(gr_name, name, strlen(name) + 1);

strncpy(filename, g_filename, NSS_CACHE_PATH_LENGTH - 1);
if (strlen(filename) > NSS_CACHE_PATH_LENGTH - 8) {
int n = strlen(filename);
if (n > NSS_CACHE_PATH_LENGTH - 8) {
DEBUG("filename too long\n");
free(gr_name);
return NSS_STATUS_UNAVAIL;
}
strncat(filename, ".ixname", 7);
strncat(filename, ".ixname", NSS_CACHE_PATH_LENGTH - n - 1);

args.sorted_filename = filename;
args.system_filename = g_filename;
Expand Down Expand Up @@ -883,12 +887,13 @@ enum nss_status _nss_cache_getspnam_r(const char *name, struct spwd *result,
strncpy(sp_namp, name, strlen(name) + 1);

strncpy(filename, s_filename, NSS_CACHE_PATH_LENGTH - 1);
if (strlen(filename) > NSS_CACHE_PATH_LENGTH - 8) {
int n = strlen(filename);
if (n > NSS_CACHE_PATH_LENGTH - 8) {
DEBUG("filename too long\n");
free(sp_namp);
return NSS_STATUS_UNAVAIL;
}
strncat(filename, ".ixname", 7);
strncat(filename, ".ixname", NSS_CACHE_PATH_LENGTH - n - 1);

args.sorted_filename = filename;
args.system_filename = s_filename;
Expand Down

0 comments on commit 2e2b27a

Please sign in to comment.