(libc_locked_map_ptr): Add new first parameter, used as class for definition.
* nscd/nscd-client.h (libc_locked_map_ptr): Add new first parameter, used as class for definition. * nscd/nscd_getpw_r.c: Adjust for libc_locked_map_ptr change. (pw_map_free): Ensure no crash after memory is freed. * nscd/nscd_getgr.c: Likewise. Make map externally visible. * nscd/nscd_gethst.c: Likewise. * nscd/nscd_getai.c: Use map from nscd_gethost.c. * nscd/nscd_initgroups.c: Use map from nscd_getgr.c.
This commit is contained in:
parent
81b5ae0811
commit
5429ff760a
|
@ -1,5 +1,14 @@
|
||||||
2004-11-09 Ulrich Drepper <drepper@redhat.com>
|
2004-11-09 Ulrich Drepper <drepper@redhat.com>
|
||||||
|
|
||||||
|
* nscd/nscd-client.h (libc_locked_map_ptr): Add new first
|
||||||
|
parameter, used as class for definition.
|
||||||
|
* nscd/nscd_getpw_r.c: Adjust for libc_locked_map_ptr change.
|
||||||
|
(pw_map_free): Ensure no crash after memory is freed.
|
||||||
|
* nscd/nscd_getgr.c: Likewise. Make map externally visible.
|
||||||
|
* nscd/nscd_gethst.c: Likewise.
|
||||||
|
* nscd/nscd_getai.c: Use map from nscd_gethost.c.
|
||||||
|
* nscd/nscd_initgroups.c: Use map from nscd_getgr.c.
|
||||||
|
|
||||||
* nscd/nscd_getai.c: Add some checks to detect corrupt databases.
|
* nscd/nscd_getai.c: Add some checks to detect corrupt databases.
|
||||||
* nscd/nscd_getgr_r.c: Likewise
|
* nscd/nscd_getgr_r.c: Likewise
|
||||||
* nscd/nscd_gethst_r.c: Likewise.
|
* nscd/nscd_gethst_r.c: Likewise.
|
||||||
|
|
|
@ -264,7 +264,7 @@ struct locked_map_ptr
|
||||||
int lock;
|
int lock;
|
||||||
struct mapped_database *mapped;
|
struct mapped_database *mapped;
|
||||||
};
|
};
|
||||||
#define libc_locked_map_ptr(name) static struct locked_map_ptr name
|
#define libc_locked_map_ptr(class, name) class struct locked_map_ptr name
|
||||||
|
|
||||||
|
|
||||||
/* Open socket connection to nscd server. */
|
/* Open socket connection to nscd server. */
|
||||||
|
|
|
@ -142,6 +142,12 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
|
||||||
/* Copy the data in the block. */
|
/* Copy the data in the block. */
|
||||||
memcpy (resultbuf + 1, respdata, datalen);
|
memcpy (resultbuf + 1, respdata, datalen);
|
||||||
|
|
||||||
|
/* Try to detect corrupt databases. */
|
||||||
|
if (resultbuf->canon != NULL
|
||||||
|
&& resultbuf->canon[ai_resp->canonlen - 1] != '\0')
|
||||||
|
/* We cannot use the database. */
|
||||||
|
goto out_close;
|
||||||
|
|
||||||
retval = 0;
|
retval = 0;
|
||||||
*result = resultbuf;
|
*result = resultbuf;
|
||||||
}
|
}
|
||||||
|
@ -157,6 +163,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
|
||||||
retval = 0;
|
retval = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
out_close:
|
||||||
if (sock != -1)
|
if (sock != -1)
|
||||||
close_not_cancel_no_status (sock);
|
close_not_cancel_no_status (sock);
|
||||||
out:
|
out:
|
||||||
|
|
|
@ -204,7 +204,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
|
||||||
else
|
else
|
||||||
/* We already have the data. Just copy the group name and
|
/* We already have the data. Just copy the group name and
|
||||||
password. */
|
password. */
|
||||||
memcpy (resultbuf->gr_name, gr_name, gr_name_len);
|
memcpy (resultbuf->gr_name, gr_name,
|
||||||
|
gr_resp->gr_name_len + gr_resp->gr_passwd_len);
|
||||||
|
|
||||||
/* Clear the terminating entry. */
|
/* Clear the terminating entry. */
|
||||||
resultbuf->gr_mem[gr_resp->gr_mem_cnt] = NULL;
|
resultbuf->gr_mem[gr_resp->gr_mem_cnt] = NULL;
|
||||||
|
@ -242,6 +243,19 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
|
||||||
/* Copy the group member names. */
|
/* Copy the group member names. */
|
||||||
memcpy (resultbuf->gr_mem[0], gr_name + gr_name_len, total_len);
|
memcpy (resultbuf->gr_mem[0], gr_name + gr_name_len, total_len);
|
||||||
|
|
||||||
|
/* Try to detect corrupt databases. */
|
||||||
|
if (resultbuf->gr_name[gr_name_len - 1] != '\0'
|
||||||
|
|| resultbuf->gr_passwd[gr_resp->gr_passwd_len - 1] != '\0'
|
||||||
|
|| ({for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt)
|
||||||
|
if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0')
|
||||||
|
break;
|
||||||
|
cnt < gr_resp->gr_mem_cnt; }))
|
||||||
|
{
|
||||||
|
/* We cannot use the database. */
|
||||||
|
retval = -1;
|
||||||
|
goto out_close;
|
||||||
|
}
|
||||||
|
|
||||||
*result = resultbuf;
|
*result = resultbuf;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -336,6 +336,16 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
|
||||||
memcpy (resultbuf->h_aliases[0],
|
memcpy (resultbuf->h_aliases[0],
|
||||||
(const char *) addr_list + addr_list_len, total_len);
|
(const char *) addr_list + addr_list_len, total_len);
|
||||||
|
|
||||||
|
/* Try to detect corrupt databases. */
|
||||||
|
if (resultbuf->h_name[hst_resp->h_name_len - 1] != '\0'
|
||||||
|
|| ({for (cnt = 0; cnt < hst_resp->h_aliases_cnt; ++cnt)
|
||||||
|
if (resultbuf->h_aliases[cnt][aliases_len[cnt] - 1]
|
||||||
|
!= '\0')
|
||||||
|
break;
|
||||||
|
cnt < hst_resp->h_aliases_cnt; }))
|
||||||
|
/* We cannot use the database. */
|
||||||
|
goto out_close;
|
||||||
|
|
||||||
retval = 0;
|
retval = 0;
|
||||||
*result = resultbuf;
|
*result = resultbuf;
|
||||||
}
|
}
|
||||||
|
|
|
@ -66,14 +66,18 @@ __nscd_getpwuid_r (uid_t uid, struct passwd *resultbuf, char *buffer,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
libc_locked_map_ptr (map_handle);
|
libc_locked_map_ptr (static, map_handle);
|
||||||
/* Note that we only free the structure if necessary. The memory
|
/* Note that we only free the structure if necessary. The memory
|
||||||
mapping is not removed since it is not visible to the malloc
|
mapping is not removed since it is not visible to the malloc
|
||||||
handling. */
|
handling. */
|
||||||
libc_freeres_fn (gr_map_free)
|
libc_freeres_fn (pw_map_free)
|
||||||
{
|
{
|
||||||
if (map_handle.mapped != NO_MAPPING)
|
if (map_handle.mapped != NO_MAPPING)
|
||||||
free (map_handle.mapped);
|
{
|
||||||
|
void *p = map_handle.mapped;
|
||||||
|
map_handle.mapped = NO_MAPPING;
|
||||||
|
free (p);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -184,6 +188,18 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type,
|
||||||
/* Copy the various strings. */
|
/* Copy the various strings. */
|
||||||
memcpy (resultbuf->pw_name, pw_name, total);
|
memcpy (resultbuf->pw_name, pw_name, total);
|
||||||
|
|
||||||
|
/* Try to detect corrupt databases. */
|
||||||
|
if (resultbuf->pw_name[pw_resp->pw_name_len - 1] != '\0'
|
||||||
|
|| resultbuf->pw_passwd[pw_resp->pw_passwd_len - 1] != '\0'
|
||||||
|
|| resultbuf->pw_gecos[pw_resp->pw_gecos_len - 1] != '\0'
|
||||||
|
|| resultbuf->pw_dir[pw_resp->pw_dir_len - 1] != '\0'
|
||||||
|
|| resultbuf->pw_shell[pw_resp->pw_shell_len - 1] != '\0')
|
||||||
|
{
|
||||||
|
/* We cannot use the database. */
|
||||||
|
retval = -1;
|
||||||
|
goto out_close;
|
||||||
|
}
|
||||||
|
|
||||||
*result = resultbuf;
|
*result = resultbuf;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue