[illumos-gate merge]

commit d65dfb0a6855414a1ff916b896e8be0fbe0d212a 8499 ficl: this statement may fall through commit e07d85f87c3920e032adb855fdc500e4616c7718 7875 libcurses: multiple misleading-indentation errors commit f1cdbd3731f01314c1d46f05280ad63f1770fdc6 8546 want recallocarray(3C) and freezero(3C) commit 0b905b49d460a57773d88d714cd880ffe0182b7c 5980 in-kernel inet_ntop should format IPv4 addresses like userland one commit 3facafd61791b16f112797f1b07dde00ab6b9a59 8487 cfgadm_plugins/shp: memory leak in cfga_get_condition() commit a3bcc60de108dc761615b2b9561d6dc76971f471 8543 nss_ldap crashes handling a group with no gidnumber attribute commit b2ce6e4ebc262a57e5c5d0224b2577526261a0e4 8463 common/acl: 'resultcount' may be used uninitialized in this function commit 83e86541459022f059e0bf50ebbc33fc8ec2d62e 8486 libdiskmgt: memory leak in slice_get_stats() commit 7f6d142fc0001e76967b1f047b6df5bc4c5d9082 8399 sun_fc: in C++11 destructors default to noexcept commit 3dde7c95de085cfe31f989eff6cefb775563eeb8 8528 Want Chelsio T6 support
author: Jerry Jelinek <jerry.jelinek@joyent.com> 2017-07-31 13:00:21 +0000
committer: Jerry Jelinek <jerry.jelinek@joyent.com> 2017-07-31 13:00:21 +0000
commit: a43f1df58a9e20639c60ab24da9193c2ff8e074e (patch)
tree: 2c782258c5ed0ceff90367f775728dc5cb1e9a12 /usr/src/lib/nsswitch
parent: 2b6211c70cd9e899b15e259d53790f01e46bb88a (diff)
parent: d65dfb0a6855414a1ff916b896e8be0fbe0d212a (diff)
download: illumos-joyent-a43f1df58a9e20639c60ab24da9193c2ff8e074e.tar.gz
1 files changed, 40 insertions, 30 deletions
diff --git a/usr/src/lib/nsswitch/ldap/common/getgrent.c b/usr/src/lib/nsswitch/ldap/common/getgrent.c
index 2682e6e2f8..291d16dbc6 100644
--- a/usr/src/lib/nsswitch/ldap/common/getgrent.c
+++ b/usr/src/lib/nsswitch/ldap/common/getgrent.c
@@ -21,6 +21,8 @@
 /*
  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
  */
 
 #include <grp.h>
@@ -353,42 +355,50 @@ getbymember(ldap_backend_ptr be, void *a)
 	username = (char *)argp->username;
 	result = (ns_ldap_result_t *)be->result;
 	curEntry = (ns_ldap_entry_t *)result->entry;
-	for (i = 0; i < result->entries_count; i++) {
+	for (i = 0; i < result->entries_count && curEntry != NULL; i++) {
 		membervalue = __ns_ldap_getAttr(curEntry, "memberUid");
-		if (membervalue) {
-			for (j = 0; membervalue[j]; j++) {
-				/*
-				 * If we find an '=' in the member attribute
-				 * value, treat it as a DN, otherwise as a
-				 * username.
-				 */
-				if (member_str = strchr(membervalue[j], '=')) {
-					member_str++; /* skip over the '=' */
-					member_str = strtok_r(member_str, ",",
-					    &strtok_state);
-				} else {
-					member_str = membervalue[j];
+		if (membervalue == NULL) {
+			curEntry = curEntry->next;
+			continue;
+		}
+		for (j = 0; membervalue[j]; j++) {
+			/*
+			 * If we find an '=' in the member attribute
+			 * value, treat it as a DN, otherwise as a
+			 * username.
+			 */
+			if (member_str = strchr(membervalue[j], '=')) {
+				member_str++; /* skip over the '=' */
+				member_str = strtok_r(member_str, ",",
+				    &strtok_state);
+			} else {
+				member_str = membervalue[j];
+			}
+			if (member_str != NULL &&
+			    strcmp(member_str, username) == 0) {
+				groupvalue = __ns_ldap_getAttr(curEntry,
+				    "gidnumber");
+				if (groupvalue == NULL ||
+				    groupvalue[0] == NULL) {
+					/* Drop this group from the list */
+					break;
 				}
-				if (member_str &&
-				    strcmp(member_str, username) == NULL) {
-					groupvalue = __ns_ldap_getAttr(curEntry,
-					    "gidnumber");
-					gid = (gid_t)strtol(groupvalue[0],
-					    (char **)NULL, 10);
-					if (argp->numgids < argp->maxgids) {
-						for (k = 0; k < argp->numgids;
-						    k++) {
-							if (argp->gid_array[k]
-							    == gid)
-						    /* already exists */
-						break;
+				errno = 0;
+				gid = (gid_t)strtol(groupvalue[0],
+				    (char **)NULL, 10);
+
+				if (errno == 0 &&
+				    argp->numgids < argp->maxgids) {
+					for (k = 0; k < argp->numgids; k++) {
+						if (argp->gid_array[k] == gid)
+							/* already exists */
+							break;
 					}
 					if (k == argp->numgids)
 						argp->gid_array[argp->numgids++]
 						    = gid;
-					}
-					break;
 				}
+				break;
 			}
 		}
 		curEntry = curEntry->next;
@@ -421,7 +431,7 @@ static ldap_backend_op_t gr_ops[] = {
 /*ARGSUSED0*/
 nss_backend_t *
 _nss_ldap_group_constr(const char *dummy1, const char *dummy2,
-			const char *dummy3)
+    const char *dummy3)
 {
 
 	return ((nss_backend_t *)_nss_ldap_constr(gr_ops,
author	Jerry Jelinek <jerry.jelinek@joyent.com>	2017-07-31 13:00:21 +0000
committer	Jerry Jelinek <jerry.jelinek@joyent.com>	2017-07-31 13:00:21 +0000
commit	a43f1df58a9e20639c60ab24da9193c2ff8e074e (patch)
tree	2c782258c5ed0ceff90367f775728dc5cb1e9a12 /usr/src/lib/nsswitch
parent	2b6211c70cd9e899b15e259d53790f01e46bb88a (diff)
parent	d65dfb0a6855414a1ff916b896e8be0fbe0d212a (diff)
download	illumos-joyent-a43f1df58a9e20639c60ab24da9193c2ff8e074e.tar.gz