aboutsummaryrefslogtreecommitdiff
path: root/nscd/nscd_getpw_r.c
diff options
context:
space:
mode:
Diffstat (limited to 'nscd/nscd_getpw_r.c')
-rw-r--r--nscd/nscd_getpw_r.c22
1 files changed, 19 insertions, 3 deletions
diff --git a/nscd/nscd_getpw_r.c b/nscd/nscd_getpw_r.c
index b04dcfaa99..fe5fb43ca1 100644
--- a/nscd/nscd_getpw_r.c
+++ b/nscd/nscd_getpw_r.c
@@ -66,14 +66,18 @@ __nscd_getpwuid_r (uid_t uid, struct passwd *resultbuf, char *buffer,
}
-libc_locked_map_ptr (map_handle);
+libc_locked_map_ptr (static, map_handle);
/* Note that we only free the structure if necessary. The memory
mapping is not removed since it is not visible to the malloc
handling. */
-libc_freeres_fn (gr_map_free)
+libc_freeres_fn (pw_map_free)
{
if (map_handle.mapped != NO_MAPPING)
- free (map_handle.mapped);
+ {
+ void *p = map_handle.mapped;
+ map_handle.mapped = NO_MAPPING;
+ free (p);
+ }
}
@@ -184,6 +188,18 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type,
/* Copy the various strings. */
memcpy (resultbuf->pw_name, pw_name, total);
+ /* Try to detect corrupt databases. */
+ if (resultbuf->pw_name[pw_resp->pw_name_len - 1] != '\0'
+ || resultbuf->pw_passwd[pw_resp->pw_passwd_len - 1] != '\0'
+ || resultbuf->pw_gecos[pw_resp->pw_gecos_len - 1] != '\0'
+ || resultbuf->pw_dir[pw_resp->pw_dir_len - 1] != '\0'
+ || resultbuf->pw_shell[pw_resp->pw_shell_len - 1] != '\0')
+ {
+ /* We cannot use the database. */
+ retval = -1;
+ goto out_close;
+ }
+
*result = resultbuf;
}
}