getgrent.c: adjust _nextypgroup() slightly so that it continues processing

the group map after encountering a badly formatted entry.

getpwent.c: same as above for _nextyppass(), and also turn a couple of
sprintf()s into snprintf()s to avoid potential buffer overruns. (The
other day I nearly went mad because of a username in my NIS database
that's actually 9 characters long instead of 8. Stuffing a 9-character
username into an 8-character buffer can do some strange things.)

(This reminds me: I hope somebody's planning to fix the buffer overrun
security hole in syslog(3) before 2.1 ships.)
This commit is contained in:
Bill Paul 1995-09-05 19:52:59 +00:00
parent c734076e9c
commit 400b841301
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=10565
2 changed files with 10 additions and 4 deletions

View File

@ -409,7 +409,10 @@ unpack:
strcpy(resultbuf, result);
free(result);
if(result = strchr(resultbuf, '\n')) *result = '\0';
return(_gr_breakout_yp(gr, resultbuf));
if (_gr_breakout_yp(gr, resultbuf))
return(1);
else
goto tryagain;
}
}

View File

@ -670,7 +670,7 @@ _getyppass(struct passwd *pw, const char *name, const char *map)
if(resultlen >= sizeof resultbuf) return 0;
strcpy(resultbuf, result);
sprintf (user, "%.*s", (strchr(result, ':') - result), result);
snprintf (user, sizeof(user), "%.*s", (strchr(result, ':') - result), result);
_pw_passwd.pw_fields = -1; /* Impossible value */
if (_scancaches((char *)&user)) {
free(result);
@ -736,7 +736,7 @@ unpack:
}
strcpy(resultbuf, result);
sprintf(user, "%.*s", (strchr(result, ':') - result), result);
snprintf(user, sizeof(user), "%.*s", (strchr(result, ':') - result), result);
_pw_passwd.pw_fields = -1; /* Impossible value */
if (_scancaches((char *)&user)) {
free(result);
@ -747,7 +747,10 @@ unpack:
if (_pw_passwd.pw_fields == -1)
goto tryagain;
if(result = strchr(resultbuf, '\n')) *result = '\0';
return(_pw_breakout_yp(pw, resultbuf, gotmaster));
if (_pw_breakout_yp(pw, resultbuf, gotmaster))
return(1);
else
goto tryagain;
}
}