diff options
| author | Jakub Jelinek <jakub@redhat.com> | 2004-11-10 09:02:52 +0000 |
|---|---|---|
| committer | Jakub Jelinek <jakub@redhat.com> | 2004-11-10 09:02:52 +0000 |
| commit | 3504bb650f48534549bbd0313dc15fa71455e302 (patch) | |
| tree | 742dd9cbcee1147fb36bcc02816bec415544597e /nscd/nscd_getgr_r.c | |
| parent | cbf4bcd2b3d53de274548dbf4c28017d1f07d5b2 (diff) | |
| download | glibc-3504bb650f48534549bbd0313dc15fa71455e302.tar glibc-3504bb650f48534549bbd0313dc15fa71455e302.tar.gz glibc-3504bb650f48534549bbd0313dc15fa71455e302.tar.bz2 glibc-3504bb650f48534549bbd0313dc15fa71455e302.zip | |
Updated to fedora-glibc-20041110T0839
Diffstat (limited to 'nscd/nscd_getgr_r.c')
| -rw-r--r-- | nscd/nscd_getgr_r.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c index 1b94bf584f..282912db3e 100644 --- a/nscd/nscd_getgr_r.c +++ b/nscd/nscd_getgr_r.c @@ -67,14 +67,18 @@ __nscd_getgrgid_r (gid_t gid, struct group *resultbuf, char *buffer, } -libc_locked_map_ptr (map_handle); +libc_locked_map_ptr (,__gr_map_handle); /* Note that we only free the structure if necessary. The memory mapping is not removed since it is not visible to the malloc handling. */ libc_freeres_fn (gr_map_free) { - if (map_handle.mapped != NO_MAPPING) - free (map_handle.mapped); + if (__gr_map_handle.mapped != NO_MAPPING) + { + void *p = __gr_map_handle.mapped; + __gr_map_handle.mapped = NO_MAPPING; + free (p); + } } @@ -91,7 +95,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, /* If the mapping is available, try to search there instead of communicating with the nscd. */ struct mapped_database *mapped = __nscd_get_map_ref (GETFDGR, "group", - &map_handle, &gc_cycle); + &__gr_map_handle, + &gc_cycle); retry:; const gr_response_header *gr_resp = NULL; const char *gr_name = NULL; @@ -204,7 +209,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, else /* We already have the data. Just copy the group name and password. */ - memcpy (resultbuf->gr_name, gr_name, gr_name_len); + memcpy (resultbuf->gr_name, gr_name, + gr_resp->gr_name_len + gr_resp->gr_passwd_len); /* Clear the terminating entry. */ resultbuf->gr_mem[gr_resp->gr_mem_cnt] = NULL; @@ -242,6 +248,19 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, /* Copy the group member names. */ memcpy (resultbuf->gr_mem[0], gr_name + gr_name_len, total_len); + /* Try to detect corrupt databases. */ + if (resultbuf->gr_name[gr_name_len - 1] != '\0' + || resultbuf->gr_passwd[gr_resp->gr_passwd_len - 1] != '\0' + || ({for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt) + if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0') + break; + cnt < gr_resp->gr_mem_cnt; })) + { + /* We cannot use the database. */ + retval = -1; + goto out_close; + } + *result = resultbuf; } } |