summaryrefslogtreecommitdiff
path: root/src/passwd
diff options
context:
space:
mode:
Diffstat (limited to 'src/passwd')
-rw-r--r--src/passwd/getgr_a.c12
-rw-r--r--src/passwd/getgrouplist.c3
-rw-r--r--src/passwd/nscd_query.c10
3 files changed, 22 insertions, 3 deletions
diff --git a/src/passwd/getgr_a.c b/src/passwd/getgr_a.c
index afeb1ece..84550404 100644
--- a/src/passwd/getgr_a.c
+++ b/src/passwd/getgr_a.c
@@ -71,6 +71,10 @@ int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t
goto cleanup_f;
}
+ if (groupbuf[GRMEMCNT] > (size_t)(INT32_MAX-1)) {
+ rv = ENOMEM;
+ goto cleanup_f;
+ }
if (groupbuf[GRNAMELEN] > SIZE_MAX - groupbuf[GRPASSWDLEN]) {
rv = ENOMEM;
goto cleanup_f;
@@ -127,7 +131,13 @@ int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t
if (groupbuf[GRMEMCNT]) {
mem[0][0] = *buf + groupbuf[GRNAMELEN] + groupbuf[GRPASSWDLEN];
for (ptr = mem[0][0], i = 0; ptr != mem[0][0]+grlist_len; ptr++)
- if (!*ptr) mem[0][++i] = ptr+1;
+ if (!*ptr)
+ if (i<groupbuf[GRMEMCNT]) {
+ mem[0][++i] = ptr+1;
+ } else {
+ rv = EIO;
+ goto cleanup_f;
+ }
mem[0][i] = 0;
if (i != groupbuf[GRMEMCNT]) {
diff --git a/src/passwd/getgrouplist.c b/src/passwd/getgrouplist.c
index 43e51824..301824ce 100644
--- a/src/passwd/getgrouplist.c
+++ b/src/passwd/getgrouplist.c
@@ -31,7 +31,8 @@ int getgrouplist(const char *user, gid_t gid, gid_t *groups, int *ngroups)
if (resp[INITGRFOUND]) {
nscdbuf = calloc(resp[INITGRNGRPS], sizeof(uint32_t));
if (!nscdbuf) goto cleanup;
- if (!fread(nscdbuf, sizeof(*nscdbuf)*resp[INITGRNGRPS], 1, f)) {
+ size_t nbytes = sizeof(*nscdbuf)*resp[INITGRNGRPS];
+ if (nbytes && !fread(nscdbuf, nbytes, 1, f)) {
if (!ferror(f)) errno = EIO;
goto cleanup;
}
diff --git a/src/passwd/nscd_query.c b/src/passwd/nscd_query.c
index d38e371b..dc3406b8 100644
--- a/src/passwd/nscd_query.c
+++ b/src/passwd/nscd_query.c
@@ -40,7 +40,15 @@ retry:
buf[0] = NSCDVERSION;
fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
- if (fd < 0) return NULL;
+ if (fd < 0) {
+ if (errno == EAFNOSUPPORT) {
+ f = fopen("/dev/null", "re");
+ if (f)
+ errno = errno_save;
+ return f;
+ }
+ return 0;
+ }
if(!(f = fdopen(fd, "r"))) {
close(fd);
generated by cgit v1.2.1 (git 2.18.0) at 2026-03-20 14:56:43 +0000