[SCM] Samba Shared Repository - branch v4-10-test updated
Karolin Seeger
kseeger at samba.org
Mon Jul 6 13:48:03 UTC 2020
The branch, v4-10-test has been updated
via 40d23ea50ce util: fix build on AIX by fixing the order of replace.h include
via 016e08ca07f util: Reallocate larger buffer if getpwuid_r() returns ERANGE
via 57bd719af1f util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
via f9d9ba6cd06 util: Simplify input validation
from 05596094a9b VERSION: Bump version up to 4.10.18.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test
- Log -----------------------------------------------------------------
commit 40d23ea50ce8c44283c41c4cb66b12189f836007
Author: Bjoern Jacke <bjacke at samba.org>
Date: Mon Jun 29 12:00:46 2020 +0000
util: fix build on AIX by fixing the order of replace.h include
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14422
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d93a6d2663a25bca072cd5623aea16e21ed650b8)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-10-test): Mon Jul 6 13:47:25 UTC 2020 on sn-devel-144
commit 016e08ca07f86af9e0131a908a2df116bcb9a48e
Author: Martin Schwenke <martin at meltin.net>
Date: Fri Jun 5 22:05:42 2020 +1000
util: Reallocate larger buffer if getpwuid_r() returns ERANGE
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Jun 9 21:07:24 UTC 2020 on sn-devel-184
(cherry picked from commit ddac6b2eb4adaec8fc5e25ca07387d2b9417764c)
commit 57bd719af1f138f44f71b2078995452582da0da6
Author: Martin Schwenke <martin at meltin.net>
Date: Fri Jun 5 21:52:23 2020 +1000
util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
NSS_BUFLEN_PASSWD is not defined on FreeBSD. Use
sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX.
Use a dynamically allocated buffer instead of trying to cram all of
the logic into the declarations. This will come in useful later
anyway.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 847208cd8ac68c4c7d1dae63767820db1c69292b)
commit f9d9ba6cd06aca053c747c399ba700db80b1623c
Author: Martin Schwenke <martin at meltin.net>
Date: Tue Jun 9 11:52:50 2020 +1000
util: Simplify input validation
It appears that snprintf(3) is being used for input validation.
However, this seems like overkill because it causes szPath to be
copied an extra time. The mostly likely protections being sought
here, according to https://cwe.mitre.org/data/definitions/20.html,
look to be DoS attacks involving CPU and memory usage. A simpler
check that uses strnlen(3) can mitigate against both of these and is
simpler.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 922bce2668994dd2a5988c17060f977e9bb0c229)
-----------------------------------------------------------------------
Summary of changes:
lib/util/tests/test_util_paths.c | 2 +-
lib/util/util_paths.c | 47 ++++++++++++++++++++++++++++++++--------
2 files changed, 39 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/tests/test_util_paths.c b/lib/util/tests/test_util_paths.c
index b89abf0aea1..4dfe11c1445 100644
--- a/lib/util/tests/test_util_paths.c
+++ b/lib/util/tests/test_util_paths.c
@@ -23,9 +23,9 @@
#include <setjmp.h>
#include <cmocka.h>
+#include "lib/replace/replace.h"
#include <talloc.h>
-#include "lib/replace/replace.h"
#include "lib/util/util_paths.c"
static int setup(void **state)
diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
index c0ee5c32c30..72cc0aab8de 100644
--- a/lib/util/util_paths.c
+++ b/lib/util/util_paths.c
@@ -68,25 +68,54 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
{
struct passwd pwd = {0};
struct passwd *pwdbuf = NULL;
- char buf[NSS_BUFLEN_PASSWD] = {0};
+ char *buf = NULL;
+ char *out = NULL;
+ long int initlen;
+ size_t len;
int rc;
- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
+ initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (initlen == -1) {
+ len = 1024;
+ } else {
+ len = (size_t)initlen;
+ }
+ buf = talloc_size(mem_ctx, len);
+ if (buf == NULL) {
+ return NULL;
+ }
+
+ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
+ while (rc == ERANGE) {
+ size_t newlen = 2 * len;
+ if (newlen < len) {
+ /* Overflow */
+ goto done;
+ }
+ len = newlen;
+ buf = talloc_realloc_size(mem_ctx, buf, len);
+ if (buf == NULL) {
+ goto done;
+ }
+ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
+ }
if (rc != 0 || pwdbuf == NULL ) {
- int len_written;
const char *szPath = getenv("HOME");
if (szPath == NULL) {
- return NULL;
+ goto done;
}
- len_written = snprintf(buf, sizeof(buf), "%s", szPath);
- if (len_written >= sizeof(buf) || len_written < 0) {
- /* Output was truncated or an error. */
+ len = strnlen(szPath, PATH_MAX);
+ if (len >= PATH_MAX) {
return NULL;
}
- return talloc_strdup(mem_ctx, buf);
+ out = talloc_strdup(mem_ctx, szPath);
+ goto done;
}
- return talloc_strdup(mem_ctx, pwd.pw_dir);
+ out = talloc_strdup(mem_ctx, pwd.pw_dir);
+done:
+ TALLOC_FREE(buf);
+ return out;
}
char *path_expand_tilde(TALLOC_CTX *mem_ctx, const char *d)
--
Samba Shared Repository
More information about the samba-cvs
mailing list