diff options
| author | hm123892 <none@none> | 2005-11-15 03:49:15 -0800 |
|---|---|---|
| committer | hm123892 <none@none> | 2005-11-15 03:49:15 -0800 |
| commit | 11e3217022ca85e61c9af16135a16592fe10dc6b (patch) | |
| tree | c955edf579f6148e7e9a198aba516e3f1501dd8c /usr/src/lib/libsec | |
| parent | 14c932c0a8a1251dd81b7453752bbb4b7bf4d459 (diff) | |
| download | illumos-joyent-11e3217022ca85e61c9af16135a16592fe10dc6b.tar.gz | |
6332352 acltotext(3SEC) can overwrite the acl pointer it returns
Diffstat (limited to 'usr/src/lib/libsec')
| -rw-r--r-- | usr/src/lib/libsec/common/acltext.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/usr/src/lib/libsec/common/acltext.c b/usr/src/lib/libsec/common/acltext.c index 75b0dc7857..a928d580a9 100644 --- a/usr/src/lib/libsec/common/acltext.c +++ b/usr/src/lib/libsec/common/acltext.c @@ -61,6 +61,8 @@ extern acl_t *acl_alloc(enum acl_type); #define PERMS 4 #define ACL_ENTRY_SIZE (ENTRYTYPELEN + LOGNAME_MAX + PERMS) +#define UPDATE_WHERE where = dstr->aclexport + strlen(dstr->aclexport) + struct dynaclstr { size_t bufsize; /* current size of aclexport */ char *aclexport; @@ -140,14 +142,13 @@ acltotext(aclent_t *aclp, int aclcnt) if (passwdp == (struct passwd *)NULL) { /* put in uid instead */ (void) sprintf(where, "%d", aclp->a_id); + UPDATE_WHERE; } else { excess = strlen(passwdp->pw_name) - LOGNAME_MAX; if (excess > 0) { rtn = increase_length(dstr, excess); if (rtn == 1) { - /* reset where */ - where = dstr->aclexport + - strlen(dstr->aclexport); + UPDATE_WHERE; } else { free(dstr->aclexport); free(dstr); @@ -177,14 +178,13 @@ acltotext(aclent_t *aclp, int aclcnt) if (groupp == (struct group *)NULL) { /* put in gid instead */ (void) sprintf(where, "%d", aclp->a_id); + UPDATE_WHERE; } else { excess = strlen(groupp->gr_name) - LOGNAME_MAX; if (excess > 0) { rtn = increase_length(dstr, excess); if (rtn == 1) { - /* reset where */ - where = dstr->aclexport + - strlen(dstr->aclexport); + UPDATE_WHERE; } else { free(dstr->aclexport); free(dstr); |