103 lines
2.9 KiB
Diff
103 lines
2.9 KiB
Diff
--- a/support/nfsidmap/libnfsidmap.c
|
|
+++ b/support/nfsidmap/libnfsidmap.c
|
|
@@ -430,11 +430,17 @@
|
|
|
|
nobody_user = conf_get_str("Mapping", "Nobody-User");
|
|
if (nobody_user) {
|
|
- size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
|
|
+ long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
|
|
+ size_t buflen = 1024; /*value on my gentoo glibc system that has _SC_GETPW_R_SIZE_MAX*/
|
|
struct passwd *buf;
|
|
struct passwd *pw = NULL;
|
|
int err;
|
|
|
|
+ /*sysconf can return -1 when _SC_GETPW_R_SIZE_MAX is not defined, like on musl systems, if cast to size_t this will lead
|
|
+ to an integer overflow, which leads to a buffer overflow and crashes svcgssd */
|
|
+ if (scbuflen > 0)
|
|
+ buflen = (size_t)scbuflen;
|
|
+
|
|
buf = malloc(sizeof(*buf) + buflen);
|
|
if (buf) {
|
|
err = getpwnam_r(nobody_user, buf, ((char *)buf) + sizeof(*buf), buflen, &pw);
|
|
@@ -451,10 +457,16 @@
|
|
|
|
nobody_group = conf_get_str("Mapping", "Nobody-Group");
|
|
if (nobody_group) {
|
|
- size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
|
|
+ long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
|
|
+ size_t buflen = 1024; /*value on my gentoo glibc system that has _SC_GETGR_R_SIZE_MAX*/
|
|
struct group *buf;
|
|
struct group *gr = NULL;
|
|
int err;
|
|
+
|
|
+ /*sysconf can return -1 when _SC_GETGR_R_SIZE_MAX is not defined, like on musl systems, if cast to size_t this will lead
|
|
+ to an integer overflow, which leads to a buffer overflow and crashes svcgssd */
|
|
+ if (scbuflen > 0)
|
|
+ buflen = (size_t)scbuflen;
|
|
|
|
buf = malloc(sizeof(*buf) + buflen);
|
|
if (buf) {
|
|
--- a/support/nfsidmap/static.c
|
|
+++ b/support/nfsidmap/static.c
|
|
@@ -98,10 +98,14 @@
|
|
{
|
|
struct passwd *pw;
|
|
struct pwbuf *buf;
|
|
- size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
|
|
+ long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
|
|
+ size_t buflen = 1024;
|
|
char *localname;
|
|
int err;
|
|
|
|
+ if (scbuflen > 0)
|
|
+ buflen = (size_t)scbuflen;
|
|
+
|
|
buf = malloc(sizeof(*buf) + buflen);
|
|
if (!buf) {
|
|
err = ENOMEM;
|
|
@@ -149,9 +153,13 @@
|
|
{
|
|
struct group *gr;
|
|
struct grbuf *buf;
|
|
- size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
|
|
+ long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
|
|
+ size_t buflen = 1024;
|
|
char *localgroup;
|
|
int err;
|
|
+
|
|
+ if (scbuflen > 0)
|
|
+ buflen = (size_t)scbuflen;
|
|
|
|
buf = malloc(sizeof(*buf) + buflen);
|
|
if (!buf) {
|
|
--- a/support/nfsidmap/nss.c
|
|
+++ b/support/nfsidmap/nss.c
|
|
@@ -91,9 +91,13 @@
|
|
struct passwd *pw = NULL;
|
|
struct passwd pwbuf;
|
|
char *buf;
|
|
- size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
|
|
+ long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
|
|
+ size_t buflen = 1024;
|
|
int err = -ENOMEM;
|
|
|
|
+ if (scbuflen > 0)
|
|
+ buflen = (size_t)scbuflen;
|
|
+
|
|
buf = malloc(buflen);
|
|
if (!buf)
|
|
goto out;
|
|
@@ -119,8 +123,12 @@
|
|
struct group *gr = NULL;
|
|
struct group grbuf;
|
|
char *buf;
|
|
- size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
|
|
+ long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
|
|
+ size_t buflen = 1024;
|
|
int err;
|
|
+
|
|
+ if (scbuflen > 0)
|
|
+ buflen = (size_t)scbuflen;
|
|
|
|
if (domain == NULL)
|
|
domain = get_default_domain();
|