|
Ian Kent |
c5187b |
autofs-5.0.4 - make MAX_ERR_BUF and PARSE_MAX_BUF use easier to audit
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
From: Valerie Aurora Henson <vaurora@redhat.com>
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
Non-critical changes to make auditing buffer lengths easier.
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
* Some buffers were the wrong (too big) size, some were used twice for
|
|
Ian Kent |
c5187b |
different purposes.
|
|
Ian Kent |
c5187b |
* Use sizeof(buf) instead of repeating the *MAX* define in functions
|
|
Ian Kent |
c5187b |
that need to know the size of a statically allocated buffer.
|
|
Ian Kent |
c5187b |
* Fix a compiler warning about discarding the const on a string.
|
|
Ian Kent |
c5187b |
---
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
CHANGELOG | 1 +
|
|
Ian Kent |
c5187b |
modules/lookup_ldap.c | 51 ++++++++++++++++++++++---------------------------
|
|
Ian Kent |
c5187b |
2 files changed, 24 insertions(+), 28 deletions(-)
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
diff --git a/CHANGELOG b/CHANGELOG
|
|
Ian Kent |
c5187b |
index afd1335..417a001 100644
|
|
Ian Kent |
c5187b |
--- a/CHANGELOG
|
|
Ian Kent |
c5187b |
+++ b/CHANGELOG
|
|
Ian Kent |
c5187b |
@@ -15,6 +15,7 @@
|
|
Ian Kent |
c5187b |
- add "forcestart" and "forcerestart" init script options to allow
|
|
Ian Kent |
c5187b |
use of 5.0.3 strartup behavior if required.
|
|
Ian Kent |
c5187b |
- always read entire file map into cache to speed lookups.
|
|
Ian Kent |
c5187b |
+- make MAX_ERR_BUF and PARSE_MAX_BUF use easier to audit.
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
4/11/2008 autofs-5.0.4
|
|
Ian Kent |
c5187b |
-----------------------
|
|
Ian Kent |
c5187b |
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
|
|
Ian Kent |
c5187b |
index bee97ae..d8a60d3 100644
|
|
Ian Kent |
c5187b |
--- a/modules/lookup_ldap.c
|
|
Ian Kent |
c5187b |
+++ b/modules/lookup_ldap.c
|
|
Ian Kent |
c5187b |
@@ -272,7 +272,7 @@ LDAP *init_ldap_connection(unsigned logopt, const char *uri, struct lookup_conte
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
static int get_query_dn(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt, const char *class, const char *key)
|
|
Ian Kent |
c5187b |
{
|
|
Ian Kent |
c5187b |
- char buf[PARSE_MAX_BUF];
|
|
Ian Kent |
c5187b |
+ char buf[MAX_ERR_BUF];
|
|
Ian Kent |
c5187b |
char *query, *dn, *qdn;
|
|
Ian Kent |
c5187b |
LDAPMessage *result, *e;
|
|
Ian Kent |
c5187b |
struct ldap_searchdn *sdns = NULL;
|
|
Ian Kent |
c5187b |
@@ -296,7 +296,7 @@ static int get_query_dn(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
query = alloca(l);
|
|
Ian Kent |
c5187b |
if (query == NULL) {
|
|
Ian Kent |
c5187b |
- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ char *estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
crit(logopt, MODPREFIX "alloca: %s", estr);
|
|
Ian Kent |
c5187b |
return NSS_STATUS_UNAVAIL;
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
@@ -1082,7 +1082,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
if (!tmp) {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
return 0;
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
@@ -1104,7 +1104,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
|
|
Ian Kent |
c5187b |
tmp = malloc(l + 1);
|
|
Ian Kent |
c5187b |
if (!tmp) {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
crit(logopt, MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
return 0;
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
@@ -1139,7 +1139,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
|
|
Ian Kent |
c5187b |
/* Isolate the server's name. */
|
|
Ian Kent |
c5187b |
if (!tmp) {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
return 0;
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
@@ -1180,7 +1180,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
|
|
Ian Kent |
c5187b |
ctxt->mapname = map;
|
|
Ian Kent |
c5187b |
else {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
if (ctxt->server)
|
|
Ian Kent |
c5187b |
free(ctxt->server);
|
|
Ian Kent |
c5187b |
@@ -1191,7 +1191,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
|
|
Ian Kent |
c5187b |
base = malloc(l + 1);
|
|
Ian Kent |
c5187b |
if (!base) {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
if (ctxt->server)
|
|
Ian Kent |
c5187b |
free(ctxt->server);
|
|
Ian Kent |
c5187b |
@@ -1205,7 +1205,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
|
|
Ian Kent |
c5187b |
char *map = malloc(l + 1);
|
|
Ian Kent |
c5187b |
if (!map) {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
if (ctxt->server)
|
|
Ian Kent |
c5187b |
free(ctxt->server);
|
|
Ian Kent |
c5187b |
@@ -1318,7 +1318,7 @@ int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **co
|
|
Ian Kent |
c5187b |
/* If we can't build a context, bail. */
|
|
Ian Kent |
c5187b |
ctxt = malloc(sizeof(struct lookup_context));
|
|
Ian Kent |
c5187b |
if (!ctxt) {
|
|
Ian Kent |
c5187b |
- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ char *estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
return 1;
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
@@ -1419,8 +1419,9 @@ int lookup_read_master(struct master *master, time_t age, void *context)
|
|
Ian Kent |
c5187b |
unsigned int timeout = master->default_timeout;
|
|
Ian Kent |
c5187b |
unsigned int logging = master->default_logging;
|
|
Ian Kent |
c5187b |
unsigned int logopt = master->logopt;
|
|
Ian Kent |
c5187b |
- int rv, l, count, blen;
|
|
Ian Kent |
c5187b |
- char buf[PARSE_MAX_BUF];
|
|
Ian Kent |
c5187b |
+ int rv, l, count;
|
|
Ian Kent |
c5187b |
+ char buf[MAX_ERR_BUF];
|
|
Ian Kent |
c5187b |
+ char parse_buf[PARSE_MAX_BUF];
|
|
Ian Kent |
c5187b |
char *query;
|
|
Ian Kent |
c5187b |
LDAPMessage *result, *e;
|
|
Ian Kent |
c5187b |
char *class, *info, *entry;
|
|
Ian Kent |
c5187b |
@@ -1442,7 +1443,7 @@ int lookup_read_master(struct master *master, time_t age, void *context)
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
query = alloca(l);
|
|
Ian Kent |
c5187b |
if (query == NULL) {
|
|
Ian Kent |
c5187b |
- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ char *estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "alloca: %s", estr);
|
|
Ian Kent |
c5187b |
return NSS_STATUS_UNAVAIL;
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
@@ -1532,19 +1533,13 @@ int lookup_read_master(struct master *master, time_t age, void *context)
|
|
Ian Kent |
c5187b |
goto next;
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
- blen = strlen(*keyValue) + 1 + strlen(*values) + 2;
|
|
Ian Kent |
c5187b |
- if (blen > PARSE_MAX_BUF) {
|
|
Ian Kent |
c5187b |
+ if (snprintf(parse_buf, sizeof(parse_buf), "%s %s",
|
|
Ian Kent |
c5187b |
+ *keyValue, *values) >= sizeof(parse_buf)) {
|
|
Ian Kent |
c5187b |
error(logopt, MODPREFIX "map entry too long");
|
|
Ian Kent |
c5187b |
ldap_value_free(values);
|
|
Ian Kent |
c5187b |
goto next;
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
- memset(buf, 0, PARSE_MAX_BUF);
|
|
Ian Kent |
c5187b |
-
|
|
Ian Kent |
c5187b |
- strcpy(buf, *keyValue);
|
|
Ian Kent |
c5187b |
- strcat(buf, " ");
|
|
Ian Kent |
c5187b |
- strcat(buf, *values);
|
|
Ian Kent |
c5187b |
-
|
|
Ian Kent |
c5187b |
- master_parse_entry(buf, timeout, logging, age);
|
|
Ian Kent |
c5187b |
+ master_parse_entry(parse_buf, timeout, logging, age);
|
|
Ian Kent |
c5187b |
next:
|
|
Ian Kent |
c5187b |
ldap_value_free(keyValue);
|
|
Ian Kent |
c5187b |
e = ldap_next_entry(ldap, e);
|
|
Ian Kent |
c5187b |
@@ -1561,7 +1556,7 @@ static int get_percent_decoded_len(const char *name)
|
|
Ian Kent |
c5187b |
{
|
|
Ian Kent |
c5187b |
int escapes = 0;
|
|
Ian Kent |
c5187b |
int escaped = 0;
|
|
Ian Kent |
c5187b |
- char *tmp = name;
|
|
Ian Kent |
c5187b |
+ const char *tmp = name;
|
|
Ian Kent |
c5187b |
int look_for_close = 0;
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
while (*tmp) {
|
|
Ian Kent |
c5187b |
@@ -2060,7 +2055,7 @@ static int do_get_entries(struct ldap_search_params *sp, struct map_source *sour
|
|
Ian Kent |
c5187b |
mapent = malloc(v_len + 1);
|
|
Ian Kent |
c5187b |
if (!mapent) {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
ldap_value_free_len(bvValues);
|
|
Ian Kent |
c5187b |
goto next;
|
|
Ian Kent |
c5187b |
@@ -2080,7 +2075,7 @@ static int do_get_entries(struct ldap_search_params *sp, struct map_source *sour
|
|
Ian Kent |
c5187b |
mapent_len = new_size;
|
|
Ian Kent |
c5187b |
} else {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "realloc: %s", estr);
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
@@ -2181,7 +2176,7 @@ static int read_one_map(struct autofs_point *ap,
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
sp.query = alloca(l);
|
|
Ian Kent |
c5187b |
if (sp.query == NULL) {
|
|
Ian Kent |
c5187b |
- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ char *estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
return NSS_STATUS_UNAVAIL;
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
@@ -2335,7 +2330,7 @@ static int lookup_one(struct autofs_point *ap,
|
|
Ian Kent |
c5187b |
|
|
Ian Kent |
c5187b |
query = alloca(l);
|
|
Ian Kent |
c5187b |
if (query == NULL) {
|
|
Ian Kent |
c5187b |
- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ char *estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
crit(ap->logopt, MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
if (enc_len1) {
|
|
Ian Kent |
c5187b |
free(enc_key1);
|
|
Ian Kent |
c5187b |
@@ -2507,7 +2502,7 @@ static int lookup_one(struct autofs_point *ap,
|
|
Ian Kent |
c5187b |
mapent = malloc(v_len + 1);
|
|
Ian Kent |
c5187b |
if (!mapent) {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "malloc: %s", estr);
|
|
Ian Kent |
c5187b |
ldap_value_free_len(bvValues);
|
|
Ian Kent |
c5187b |
goto next;
|
|
Ian Kent |
c5187b |
@@ -2527,7 +2522,7 @@ static int lookup_one(struct autofs_point *ap,
|
|
Ian Kent |
c5187b |
mapent_len = new_size;
|
|
Ian Kent |
c5187b |
} else {
|
|
Ian Kent |
c5187b |
char *estr;
|
|
Ian Kent |
c5187b |
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
c5187b |
+ estr = strerror_r(errno, buf, sizeof(buf));
|
|
Ian Kent |
c5187b |
logerr(MODPREFIX "realloc: %s", estr);
|
|
Ian Kent |
c5187b |
}
|
|
Ian Kent |
c5187b |
}
|