|
|
6ce604 |
From ae0a9312c562985838fdd9845ef95fe61e8aa3de Mon Sep 17 00:00:00 2001
|
|
|
6ce604 |
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
|
|
6ce604 |
Date: Sun, 1 Apr 2018 10:57:22 +0200
|
|
|
6ce604 |
Subject: [PATCH 2/2] Watch for uint32_t overflows
|
|
|
6ce604 |
|
|
|
6ce604 |
Always use a function that we know will catch out-of-range values for UIDs and
|
|
|
6ce604 |
GIDs, which are currently unsigned 32-bit numbers everywhere, and which won't
|
|
|
6ce604 |
produce a result that'll silently be truncated if we store the result in a
|
|
|
6ce604 |
uid_t or gid_t.
|
|
|
6ce604 |
---
|
|
|
6ce604 |
nslcd/common.c | 28 ++++++++++++++++------------
|
|
|
6ce604 |
nslcd/common.h | 27 +++------------------------
|
|
|
6ce604 |
2 files changed, 19 insertions(+), 36 deletions(-)
|
|
|
6ce604 |
|
|
|
6ce604 |
diff --git a/nslcd/common.c b/nslcd/common.c
|
|
|
6ce604 |
index 60be7773d2c809f3177744ced0dd0ba90c86e820..de640b47806757e0bb2e704b3b79f1ecb18bbc45 100644
|
|
|
6ce604 |
--- a/nslcd/common.c
|
|
|
6ce604 |
+++ b/nslcd/common.c
|
|
|
6ce604 |
@@ -338,19 +338,23 @@ unsigned long int binsid2id(const char *binsid)
|
|
|
6ce604 |
((((unsigned long int)binsid[i + 3]) & 0xff) << 24);
|
|
|
6ce604 |
}
|
|
|
6ce604 |
|
|
|
6ce604 |
-#ifdef WANT_STRTOUI
|
|
|
6ce604 |
-/* provide a strtoui() implementation, similar to strtoul() but returning
|
|
|
6ce604 |
- an range-checked unsigned int instead */
|
|
|
6ce604 |
-unsigned int strtoui(const char *nptr, char **endptr, int base)
|
|
|
6ce604 |
+/* provide a strtoid() implementation, similar to strtoul() but returning
|
|
|
6ce604 |
+ an range-checked uint32_t instead */
|
|
|
6ce604 |
+unsigned int strtoid(const char *nptr,char **endptr,int base)
|
|
|
6ce604 |
{
|
|
|
6ce604 |
- unsigned long val;
|
|
|
6ce604 |
- val = strtoul(nptr, endptr, base);
|
|
|
6ce604 |
- if (val > UINT_MAX)
|
|
|
6ce604 |
+ long long val;
|
|
|
6ce604 |
+ /* use the fact that long long is 64-bit, even on 32-bit systems */
|
|
|
6ce604 |
+ val=strtoll(nptr,endptr,base);
|
|
|
6ce604 |
+ if (val>UINT32_MAX)
|
|
|
6ce604 |
{
|
|
|
6ce604 |
- errno = ERANGE;
|
|
|
6ce604 |
- return UINT_MAX;
|
|
|
6ce604 |
+ errno=ERANGE;
|
|
|
6ce604 |
+ return UINT32_MAX;
|
|
|
6ce604 |
}
|
|
|
6ce604 |
- /* If errno was set by strtoul, we'll pass it back as-is */
|
|
|
6ce604 |
- return (unsigned int)val;
|
|
|
6ce604 |
+ else if (val < 0)
|
|
|
6ce604 |
+ {
|
|
|
6ce604 |
+ errno=EINVAL;
|
|
|
6ce604 |
+ return UINT32_MAX;
|
|
|
6ce604 |
+ }
|
|
|
6ce604 |
+ /* If errno was set, we'll pass it back as-is */
|
|
|
6ce604 |
+ return (uint32_t)val;
|
|
|
6ce604 |
}
|
|
|
6ce604 |
-#endif /* WANT_STRTOUI */
|
|
|
6ce604 |
diff --git a/nslcd/common.h b/nslcd/common.h
|
|
|
6ce604 |
index 26fcf48ae2a6dc50bc97fab238ecc9a1879342ce..97d386eaf1f6881182729c5d8e46ce30d2d28eba 100644
|
|
|
6ce604 |
--- a/nslcd/common.h
|
|
|
6ce604 |
+++ b/nslcd/common.h
|
|
|
6ce604 |
@@ -161,31 +161,10 @@ void invalidator_do(enum ldap_map_selector map);
|
|
|
6ce604 |
#define BUFLEN_HOSTNAME 256 /* host names or FQDN (and safe version) */
|
|
|
6ce604 |
#define BUFLEN_MESSAGE 1024 /* message strings */
|
|
|
6ce604 |
|
|
|
6ce604 |
-/* provide strtouid() function alias */
|
|
|
6ce604 |
-#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT
|
|
|
6ce604 |
-#define strtouid (uid_t)strtoul
|
|
|
6ce604 |
-#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_LONG_INT
|
|
|
6ce604 |
-#define strtouid (uid_t)strtoull
|
|
|
6ce604 |
-#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_INT
|
|
|
6ce604 |
-#define WANT_STRTOUI 1
|
|
|
6ce604 |
-#define strtouid (uid_t)strtoui
|
|
|
6ce604 |
-#else
|
|
|
6ce604 |
-#error unable to find implementation for strtouid()
|
|
|
6ce604 |
-#endif
|
|
|
6ce604 |
|
|
|
6ce604 |
-/* provide strtogid() function alias */
|
|
|
6ce604 |
-#if SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_INT
|
|
|
6ce604 |
-#define strtogid (gid_t)strtoul
|
|
|
6ce604 |
-#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_LONG_INT
|
|
|
6ce604 |
-#define strtogid (gid_t)strtoull
|
|
|
6ce604 |
-#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_INT
|
|
|
6ce604 |
-#ifndef WANT_STRTOUI
|
|
|
6ce604 |
-#define WANT_STRTOUI 1
|
|
|
6ce604 |
-#endif
|
|
|
6ce604 |
-#define strtogid (gid_t)strtoui
|
|
|
6ce604 |
-#else
|
|
|
6ce604 |
-#error unable to find implementation for strtogid()
|
|
|
6ce604 |
-#endif
|
|
|
6ce604 |
+uint32_t strtoid(const char *nptr,char **endptr,int base);
|
|
|
6ce604 |
+#define strtouid (uid_t)strtoid
|
|
|
6ce604 |
+#define strtogid (gid_t)strtoid
|
|
|
6ce604 |
|
|
|
6ce604 |
#ifdef WANT_STRTOUI
|
|
|
6ce604 |
/* provide a strtoui() if it is needed */
|
|
|
6ce604 |
--
|
|
|
6ce604 |
2.14.3
|
|
|
6ce604 |
|