author | Pradhap Devarajan <Pradhap.Devarajan@Sun.COM> | 2009-08-27 06:42:41 +0530 |
---|---|---|
committer | Pradhap Devarajan <Pradhap.Devarajan@Sun.COM> | 2009-08-27 06:42:41 +0530 |
commit | 62272d53a3bece3d39dc6669124a70b288d77e0e (patch) | |
tree | da5177db69a647c0f7a7a967c0b22af576c2650c /usr/src/lib/libc | |
parent | 922d9a974895a0793d3c20d8b329a9703a6f61f8 (diff) | |
6831257 getgrnam_r() and getpwnam_r() should check for valid gid
Diffstat (limited to 'usr/src/lib/libc')
-rw-r--r-- | usr/src/lib/libc/port/gen/getgrnam_r.c | 7 | ||||
-rw-r--r-- | usr/src/lib/libc/port/gen/getpwnam_r.c | 13 |
2 files changed, 14 insertions, 6 deletions
diff --git a/usr/src/lib/libc/port/gen/getgrnam_r.c b/usr/src/lib/libc/port/gen/getgrnam_r.c
index 126b8c3349..4761b77724 100644
--- a/usr/src/lib/libc/port/gen/getgrnam_r.c
+++ b/usr/src/lib/libc/port/gen/getgrnam_r.c
@@ -38,6 +38,7 @@
 #include <synch.h>
 #include <sys/param.h>
 #include <sys/mman.h>
+#include <errno.h>
 extern int _getgroupsbymember(const char *, gid_t[], int, int);
 int str2group(const char *, int, void *, char *, int);
@@ -378,12 +379,14 @@ str2group(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
 return (NSS_STR_PARSE_PARSE);
 }
 if (!black_magic) {
+ errno = 0;
 tmp = strtoul(p, &next, 10);
- if (next == p) {
+ if (next == p || errno != 0) {
 /* gid field should be nonempty */
+ /* also check errno from strtoul */
 return (NSS_STR_PARSE_PARSE);
 }
- if (group->gr_gid >= UINT32_MAX)
+ if (tmp >= UINT32_MAX)
 group->gr_gid = GID_NOBODY;
 else
 group->gr_gid = (gid_t)tmp;
diff --git a/usr/src/lib/libc/port/gen/getpwnam_r.c b/usr/src/lib/libc/port/gen/getpwnam_r.c
index 7b7c417de5..b8a87e98a6 100644
--- a/usr/src/lib/libc/port/gen/getpwnam_r.c
+++ b/usr/src/lib/libc/port/gen/getpwnam_r.c
@@ -20,7 +20,7 @@
 */
 /*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -34,6 +34,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <sys/mman.h>
+#include <errno.h>
 int str2passwd(const char *, int, void *, char *, int);
@@ -316,9 +317,11 @@ str2passwd(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
 * which is 4 bytes or else we will end up
 * truncating the value.
 */
+ errno = 0;
 tmp = strtoul(p, &next, 10);
- if (next == p) {
+ if (next == p || errno != 0) {
 /* uid field should be nonempty */
+ /* also check errno from strtoul */
 return (NSS_STR_PARSE_PARSE);
 }
 /*
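Review bot: `errno = 0;` before `strtoul()` in str2group's gid parse overwrites whatever errno the caller had, and on the overflow path the function returns NSS_STR_PARSE_PARSE with errno still set to ERANGE; the same pattern is added to the uid and gid parses of str2passwd in getpwnam_r.c. ERANGE is also the value the getgrnam_r()/getpwnam_r() family uses to report a too-small buffer, so if this errno reaches the caller unchanged (the code between here and the public entry points is not visible), a retry-with-larger-buffer loop could misread a malformed entry as a sizing problem. Saving and restoring around the call avoids both effects: `int serrno = errno;` before the reset, and `errno = serrno;` after the check as well as before the early `return`. str2group's body starts and continues outside the hunk.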
@@ -349,16 +352,18 @@ str2passwd(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
 return (NSS_STR_PARSE_PARSE);
 }
 if (!black_magic) {
+ errno = 0;
 tmp = strtoul(p, &next, 10);
- if (next == p) {
+ if (next == p || errno != 0) {
 /* gid field should be nonempty */
+ /* also check errno from strtoul */
 return (NSS_STR_PARSE_PARSE);
 }
 /*
 * gid should not be -1; anything else
 * is administrative policy.
 */
- if (passwd->pw_gid >= UINT32_MAX)
+ if (tmp >= UINT32_MAX)
 passwd->pw_gid = GID_NOBODY;
 else
 passwd->pw_gid = (gid_t)tmp; |
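Review bot: The cut-off between "mapped to GID_NOBODY" and "rejected" in this gid parse now sits at the overflow limit of `strtoul()`, which depends on the width of unsigned long: a value that overflows takes the `errno != 0` path and returns NSS_STR_PARSE_PARSE, while one that fits but is `>= UINT32_MAX` becomes GID_NOBODY (assuming `tmp` is an unsigned long; its declaration is outside the hunk). Where unsigned long is 32 bits only 4294967295 can reach the GID_NOBODY branch, so 32-bit and 64-bit builds of libc would presumably resolve the same oversized entry differently; the gid hunk in getgrnam_r.c has the same shape. If mapping is the intended policy, keep `next == p` as the only reject and test `if (errno == ERANGE || tmp >= UINT32_MAX)` before assigning GID_NOBODY; otherwise the comment above the range check should say that overflow is rejected, e.g. `/* values that overflow strtoul() were rejected above */`. str2passwd's body starts and continues outside the hunk.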