avoid sending huge names as nscd passwd/group queries

overly long user/group names are potentially a DoS vector and source of other problems like partial writes by sendmsg, and not useful.
author: Rich Felker <dalias@aerifal.cx> 2015-03-15 23:46:22 -0400
committer: Rich Felker <dalias@aerifal.cx> 2015-03-15 23:46:22 -0400
commit: 4b5ca13fb170314e0e0c37b304ca56171625afd1 (patch)
tree: 2db732a3f15e781f81d1706a8b3d042869a04729
parent: 49d1e7f93129cdcc2ab0cc91832b8a29ccd1570d (diff)
download: musl-4b5ca13fb170314e0e0c37b304ca56171625afd1.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/passwd/nscd_query.c b/src/passwd/nscd_query.c
index 55ccc0a8..69a7815e 100644
--- a/src/passwd/nscd_query.c
+++ b/src/passwd/nscd_query.c
@@ -4,6 +4,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
+#include <limits.h>
 #include "nscd.h"
 
 static const struct {
@@ -22,7 +23,7 @@ FILE *__nscd_query(int32_t req, const char *key, int32_t *buf, size_t len, int *
 	int32_t req_buf[REQ_LEN] = {
 		NSCDVERSION,
 		req,
-		strlen(key)+1
+		strnlen(key,LOGIN_NAME_MAX)+1
 	};
 	struct msghdr msg = {
 		.msg_iov = (struct iovec[]){
@@ -45,7 +46,7 @@ retry:
 		return 0;
 	}
 
-	if (strlen(key) > INT32_MAX - 1)
+	if (req_buf[2] > LOGIN_NAME_MAX)
 		return f;
 
 	if (connect(fd, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
author	Rich Felker <dalias@aerifal.cx>	2015-03-15 23:46:22 -0400
committer	Rich Felker <dalias@aerifal.cx>	2015-03-15 23:46:22 -0400
commit	4b5ca13fb170314e0e0c37b304ca56171625afd1 (patch)
tree	2db732a3f15e781f81d1706a8b3d042869a04729
parent	49d1e7f93129cdcc2ab0cc91832b8a29ccd1570d (diff)
download	musl-4b5ca13fb170314e0e0c37b304ca56171625afd1.tar.gz