From 93520225bb3be172e49673492078cb2ffe4178d0 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Thu, 17 Jan 2013 18:10:45 -0500
Subject: [PATCH] Update to 0.8.12, part 3

Forward-port our local patch to catch out-of-range UID and GID values when we read them.
---
 ...=> nss-pam-ldapd-0.8.12-uid-overflow.patch | 41 ++++++++++---------
 nss-pam-ldapd.spec | 2 +-
 2 files changed, 22 insertions(+), 21 deletions(-)
 rename nss-pam-ldapd-0.7.x-uid-overflow.patch => nss-pam-ldapd-0.8.12-uid-overflow.patch (58%)

diff --git a/nss-pam-ldapd-0.7.x-uid-overflow.patch b/nss-pam-ldapd-0.8.12-uid-overflow.patch
similarity index 58%
rename from nss-pam-ldapd-0.7.x-uid-overflow.patch
rename to nss-pam-ldapd-0.8.12-uid-overflow.patch
index 441802f..815e82d 100644
--- a/nss-pam-ldapd-0.7.x-uid-overflow.patch
+++ b/nss-pam-ldapd-0.8.12-uid-overflow.patch
@@ -1,22 +1,25 @@
-diff -up nss-pam-ldapd-0.7.17/nslcd/common.c.overflow nss-pam-ldapd-0.7.17/nslcd/common.c
---- nss-pam-ldapd-0.7.17/nslcd/common.c.overflow 2012-09-09 19:51:44.254856507 +0200
-+++ nss-pam-ldapd-0.7.17/nslcd/common.c 2012-09-09 19:52:32.602252083 +0200
-@@ -148,19 +148,25 @@ int read_address(TFILE *fp,char *addr,in
- return 0;
+Always use a function that we know will catch out-of-range values for UIDs and
+GIDs, which are currently unsigned 32-bit numbers everywhere, and which won't
+produce a result that'll silently be truncated if we store the result in a
+uid_t or gid_t.
+--- nss-pam-ldapd/nslcd/common.c
++++ nss-pam-ldapd/nslcd/common.c
+@@ -273,19 +273,23 @@ long int binsid2id(const char *binsid)
+ ((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24);
 }
 
 -#ifdef WANT_STRTOUI
-+
- /* provide a strtoui() implementation, similar to strtoul() but returning
+-/* provide a strtoui() implementation, similar to strtoul() but returning
++/* provide a strtoid() implementation, similar to strtoul() but returning
 an range-checked unsigned int instead */
 -unsigned int strtoui(const char *nptr,char **endptr,int base)
-+uint32_t strtoid(const char *nptr,char **endptr,int base)
++unsigned int strtoid(const char *nptr,char **endptr,int base)
 {
 - unsigned long val;
 - val=strtoul(nptr,endptr,base);
 - if (val>UINT_MAX)
 + long long val;
-+
++ /* use the fact that long long is 64-bit, even on 32-bit systems */
 + val=strtoll(nptr,endptr,base);
 + if (val>UINT32_MAX)
 {
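Review bot: The forward-ported definition in the common.c part is now `unsigned int strtoid(const char *nptr,char **endptr,int base)`, while the common.h part of the same patch still declares `uint32_t strtoid(const char *nptr,char **endptr,int base);`. The two only agree where uint32_t happens to be a typedef for unsigned int, so keeping `uint32_t` in the definition would match both the prototype and the `UINT32_MAX` bound used in the body. The header comment above it could then say "range-checked 32-bit unsigned value" instead of "unsigned int". The body of strtoid continues past the end of this hunk.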
@@ -24,24 +27,22 @@ diff -up nss-pam-ldapd-0.7.17/nslcd/common.c.overflow nss-pam-ldapd-0.7.17/nslcd
 - return UINT_MAX;
 + return UINT32_MAX;
 }
-- /* If errno was set by strtoull, we'll pass it back as-is */
+- /* If errno was set by strtoul, we'll pass it back as-is */
 - return (unsigned int)val;
-+ else if (val<0)
++ else if (val < 0)
 + {
 + errno=EINVAL;
 + return UINT32_MAX;
 + }
-+
 + /* If errno was set, we'll pass it back as-is */
-+ return (uint32_t) val;
++ return (uint32_t)val;
 }
 -#endif /* WANT_STRTOUI */
-diff -up nss-pam-ldapd-0.7.17/nslcd/common.h.overflow nss-pam-ldapd-0.7.17/nslcd/common.h
---- nss-pam-ldapd-0.7.17/nslcd/common.h.overflow 2012-09-09 19:51:49.826786849 +0200
-+++ nss-pam-ldapd-0.7.17/nslcd/common.h 2012-09-09 19:52:53.669988699 +0200
-@@ -98,31 +98,9 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *
- /* transforms the uid into a DN by doing an LDAP lookup */
- MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen);
+--- nss-pam-ldapd/nslcd/common.h
++++ nss-pam-ldapd/nslcd/common.h
+@@ -139,31 +139,9 @@ int nsswitch_db_uses_ldap(const char *fi
+ #endif /* _POSIX_HOST_NAME_MAX */
+ #endif /* not HOST_NAME_MAX */
 
 -/* provide strtouid() function alias */
 -#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT
@@ -70,7 +71,7 @@ diff -up nss-pam-ldapd-0.7.17/nslcd/common.h.overflow nss-pam-ldapd-0.7.17/nslcd
 -#endif
 +uint32_t strtoid(const char *nptr,char **endptr,int base);
 +#define strtouid (uid_t)strtoid
-+#define strtogid (uid_t)strtoid
++#define strtogid (gid_t)strtoid
 
 #ifdef WANT_STRTOUI
 /* provide a strtoui() if it is needed */
diff --git a/nss-pam-ldapd.spec b/nss-pam-ldapd.spec
index 34977c3..c873f9c 100644
--- a/nss-pam-ldapd.spec
+++ b/nss-pam-ldapd.spec
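Review bot: Both error branches of strtoid return `UINT32_MAX`, which is also what a well-formed "4294967295" parses to, so a caller can tell failure from success only through errno. With a 32-bit uid_t that value is `(uid_t)-1`, which several POSIX calls treat as "leave the ID unchanged", so it is a poor value to accept as a real UID or GID from the directory. I would tighten the bound to `if (val>=UINT32_MAX)` and add a contract comment such as `/* on error returns UINT32_MAX with errno set; callers must set errno=0 first and check *endptr */`. The callers are not visible in this patch, so whether they already clear errno and reject an empty parse (which yields 0) needs confirming. The function starts in the previous hunk.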
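Review bot: The casts in `#define strtouid (uid_t)strtoid` and `#define strtogid (gid_t)strtoid` assume uid_t and gid_t are at least 32 bits wide, and nothing checks that now that the `SIZEOF_UID_T` selection block is removed. The patch description's promise that the result "won't … silently be truncated" depends on that width, so a compile-time guard beside the macros would make it explicit, for example `typedef char strtoid_fits_uid_t[(sizeof(uid_t)>=sizeof(uint32_t))?1:-1];` and the same for gid_t. The object-like macros also only work when the name is followed directly by an argument list. A function-like form, `#define strtouid(n,e,b) ((uid_t)strtoid(n,e,b))`, would avoid surprises in other expression contexts.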
@@ -25,7 +25,7 @@ Source2: nslcd.init
 Source3: nslcd.tmpfiles
 Source4: nslcd.service
 Patch1: nss-pam-ldapd-0.8.12-validname.patch
-Patch3: nss-pam-ldapd-0.7.x-uid-overflow.patch
+Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch
 Patch4: nss-pam-ldapd-0.7.x-epipe.patch
 Patch5: nss-pam-ldapd-0.7.16-skipall.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)