mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-29 17:32:43 +00:00
getgrent.c: adjust _nextypgroup() slightly so that it continues processing
the group map after encountering a badly formatted entry. getpwent.c: same as above for _nextyppass(), and also turn a couple of sprintf()s into snprintf()s to avoid potential buffer overruns. (The other day I nearly went mad because of a username in my NIS database that's actually 9 characters long instead of 8. Stuffing a 9-character username into an 8-character buffer can do some strange things.) (This reminds me: I hope somebody's planning to fix the buffer overrun security hole in syslog(3) before 2.1 ships.)
This commit is contained in:
parent
c734076e9c
commit
400b841301
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=10565
@ -409,7 +409,10 @@ unpack:
|
||||
strcpy(resultbuf, result);
|
||||
free(result);
|
||||
if(result = strchr(resultbuf, '\n')) *result = '\0';
|
||||
return(_gr_breakout_yp(gr, resultbuf));
|
||||
if (_gr_breakout_yp(gr, resultbuf))
|
||||
return(1);
|
||||
else
|
||||
goto tryagain;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -670,7 +670,7 @@ _getyppass(struct passwd *pw, const char *name, const char *map)
|
||||
|
||||
if(resultlen >= sizeof resultbuf) return 0;
|
||||
strcpy(resultbuf, result);
|
||||
sprintf (user, "%.*s", (strchr(result, ':') - result), result);
|
||||
snprintf (user, sizeof(user), "%.*s", (strchr(result, ':') - result), result);
|
||||
_pw_passwd.pw_fields = -1; /* Impossible value */
|
||||
if (_scancaches((char *)&user)) {
|
||||
free(result);
|
||||
@ -736,7 +736,7 @@ unpack:
|
||||
}
|
||||
|
||||
strcpy(resultbuf, result);
|
||||
sprintf(user, "%.*s", (strchr(result, ':') - result), result);
|
||||
snprintf(user, sizeof(user), "%.*s", (strchr(result, ':') - result), result);
|
||||
_pw_passwd.pw_fields = -1; /* Impossible value */
|
||||
if (_scancaches((char *)&user)) {
|
||||
free(result);
|
||||
@ -747,7 +747,10 @@ unpack:
|
||||
if (_pw_passwd.pw_fields == -1)
|
||||
goto tryagain;
|
||||
if(result = strchr(resultbuf, '\n')) *result = '\0';
|
||||
return(_pw_breakout_yp(pw, resultbuf, gotmaster));
|
||||
if (_pw_breakout_yp(pw, resultbuf, gotmaster))
|
||||
return(1);
|
||||
else
|
||||
goto tryagain;
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user