[SCM] NSS Wrapper Repository - branch master updated

Michael Adam obnox at samba.org
Fri Nov 6 16:41:00 UTC 2015


The branch, master has been updated
       via  b10d23b nwrap: Better check service string sanity.
       via  db42fc7 nwrap: Fix memory leak in nwrap_gethostbyname_r()
       via  7cc2b35 nwrap: Fix memory leak in nwrap_files_gethostbyname()
      from  dcc2c37 nwrap: Fix memory leak in nwrap_he_unload()

https://git.samba.org/?p=nss_wrapper.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b10d23be266109e2569b4f814d554fc2b706a2a3
Author: Robin Hack <hack.robin at gmail.com>
Date:   Tue Oct 13 14:41:14 2015 +0200

    nwrap: Better check service string sanity.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11501
    
    The patch uses strtol() instead of atoi() to convert strings to numbers.
    This allows better sanity checking of the service input string.
    
    Signed-off-by: Robin Hack <hack.robin at gmail.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit db42fc7286ed2de4b9a3d14ce76ebd55ac5c5d48
Author: Robin Hack <hack.robin at gmail.com>
Date:   Mon Oct 12 10:36:04 2015 +0200

    nwrap: Fix memory leak in nwrap_gethostbyname_r()
    
    The fix reworks how memory is used.
    Results from the vector are copied to the user-provided buf.
    
    Signed-off-by: Robin Hack <hack.robin at gmail.com>
    Reviewed-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 7cc2b350274a2fbad6aee25fd0374827e34f3a1d
Author: Robin Hack <hack.robin at gmail.com>
Date:   Thu Oct 8 15:27:47 2015 +0200

    nwrap: Fix memory leak in nwrap_files_gethostbyname()
    
    Signed-off-by: Robin Hack <hack.robin at gmail.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 src/nss_wrapper.c | 79 ++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 55 insertions(+), 24 deletions(-)


Changeset truncated at 500 lines:

diff --git a/src/nss_wrapper.c b/src/nss_wrapper.c
index 3496162..21fc108 100644
--- a/src/nss_wrapper.c
+++ b/src/nss_wrapper.c
@@ -604,6 +604,8 @@ struct nwrap_vector {
 	     item != NULL; \
 	     (item) = (vect).items[++iter])
 
+#define nwrap_vector_is_initialized(vector) ((vector)->items != NULL)
+
 static inline bool nwrap_vector_init(struct nwrap_vector *const vector)
 {
 	if (vector == NULL) {
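Review bot: The new `nwrap_vector_is_initialized()` macro dereferences `vector` unconditionally, while `nwrap_vector_init()` directly below it guards against `vector == NULL`. A `static inline bool nwrap_vector_is_initialized(const struct nwrap_vector *vector)` returning `vector != NULL && vector->items != NULL` would be type-checked and consistent with its neighbour. The body of `nwrap_vector_init()` continues outside the hunk.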
@@ -3323,10 +3325,16 @@ static int nwrap_files_gethostbyname(const char *name, int af,
 	SAFE_FREE(h_name_lower);
 
 	/* Always cleanup vector and results */
-	if (!nwrap_vector_init(addr_list)) {
-		NWRAP_LOG(NWRAP_LOG_DEBUG,
-			  "Unable to initialize memory for addr_list vector");
-		goto no_ent;
+	if (!nwrap_vector_is_initialized(addr_list)) {
+		if (!nwrap_vector_init(addr_list)) {
+			NWRAP_LOG(NWRAP_LOG_DEBUG,
+				  "Unable to initialize memory for addr_list vector");
+			goto no_ent;
+		}
+	} else {
+		/* When vector is initialized data are valid no more.
+		 * Quick way how to free vector is: */
+		addr_list->count = 0;
 	}
 
 	/* Iterate through results */
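Review bot: Resetting only `addr_list->count = 0` leaves the previous pointers in `addr_list->items`, so the array is no longer NULL-terminated at its logical end. The `nwrap_vector_foreach` macro stops on a NULL item, and the `memcpy` added in `nwrap_gethostbyname_r()` copies `count + 1` pointers expecting that terminator. A lookup that adds no entry after the reset could therefore hand stale pointers to the caller; this assumes the add helper, which is not visible here, is what writes the terminator. I would clear the first slot as well, `addr_list->items[0] = NULL;`, and reword the comment to say the vector is being reused rather than freed. The function starts and ends outside the hunk.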
@@ -3398,7 +3406,21 @@ static int nwrap_gethostbyname_r(const char *name,
 		return -1;
 	}
 
-	memset(buf, '\0', buflen);
+	if (buflen < (addr_list->count * sizeof(void *))) {
+		SAFE_FREE(addr_list->items);
+		SAFE_FREE(addr_list);
+		return ERANGE;
+	}
+
+	/* Copy all to user provided buffer and change
+	 * pointers in returned structure.
+	 * +1 is for ending NULL pointer. */
+	memcpy(buf, addr_list->items, (addr_list->count + 1) * sizeof(void *));
+
+	free(addr_list->items);
+	free(addr_list);
+
+	ret->h_addr_list = (char **)buf;
 	*result = ret;
 	return 0;
 }
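Review bot: The size check before the `memcpy` is one pointer short. It lets `buflen == addr_list->count * sizeof(void *)` through while the copy writes `(addr_list->count + 1) * sizeof(void *)` bytes, so the terminating NULL pointer is written past the end of the caller's buffer. The check should use the same size as the copy: `if (buflen < ((addr_list->count + 1) * sizeof(void *))) {`. Separately, `ret->h_addr_list = (char **)buf` assumes the caller's `char *` buffer is suitably aligned for pointers, which nothing in the hunk enforces. This path also returns `ERANGE` where the earlier failure returns `-1`, so a short comment on the return convention would help; the function starts outside the hunk.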
@@ -5055,33 +5077,42 @@ static int nwrap_getaddrinfo(const char *node,
 	}
 
 	if (service != NULL && service[0] != '\0') {
-		if (isdigit((int)service[0])) {
-			port = (unsigned short)atoi(service);
-		} else {
-			const char *proto = NULL;
-			struct servent *s;
+		const char *proto = NULL;
+		struct servent *s;
+		char *end_ptr;
+		long sl;
 
-			if (hints->ai_protocol != 0) {
-				struct protoent *pent;
+		errno = 0;
+		sl = strtol(service, &end_ptr, 10);
 
-				pent = getprotobynumber(hints->ai_protocol);
-				if (pent != NULL) {
-					proto = pent->p_name;
-				}
+		if (*end_ptr == '\0' || end_ptr != service) {
+			port = sl;
+			goto valid_port;
+		} else if (hints->ai_flags & AI_NUMERICSERV) {
+			return EAI_SERVICE;
+		}
+
+		if (hints->ai_protocol != 0) {
+			struct protoent *pent;
+
+			pent = getprotobynumber(hints->ai_protocol);
+			if (pent != NULL) {
+				proto = pent->p_name;
 			}
+		}
 
-			s = getservbyname(service, proto);
-			if (s != NULL) {
-				port = ntohs(s->s_port);
-			} else {
-				if (p != NULL) {
-					freeaddrinfo(p);
-				}
-				return EAI_SERVICE;
+		s = getservbyname(service, proto);
+		if (s != NULL) {
+			port = ntohs(s->s_port);
+		} else {
+			if (p != NULL) {
+				freeaddrinfo(p);
 			}
+			return EAI_SERVICE;
 		}
 	}
 
+valid_port:
 	rc = 0;
 	if (hints->ai_family == AF_UNSPEC || hints->ai_family == AF_INET) {
 		rc = inet_pton(AF_INET, node, &addr.in.v4);
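Review bot: The test `*end_ptr == '\0' || end_ptr != service` accepts any string that merely begins with digits (a constructed example is `"80abc"`), because `end_ptr != service` alone satisfies it; both conditions have to hold for the whole string to be numeric. `errno` is cleared but never read, and `sl` is assigned to `port` with no range check, so negative or oversized values are silently truncated. Suggested guard: `if (end_ptr != service && *end_ptr == '\0' && errno == 0 && sl >= 0 && sl <= 65535) {`. The new `return EAI_SERVICE` under `AI_NUMERICSERV` also skips the `freeaddrinfo(p)` that the later failure path performs; `p` is set outside the hunk, so confirm whether it can be non-NULL at that point.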


-- 
NSS Wrapper Repository


