diff options
| author | Jack O'Sullivan <jackos1998@gmail.com> | 2019-09-18 14:49:54 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-10-01 11:00:53 +0000 |
| commit | 69e6577a57edb200e22ad52774728fbd3c6df4c8 (patch) | |
| tree | 1bd0b46c3695a14ee8695a74568c835640402096 /main/nfs-utils/musl-svcgssd-sysconf.patch | |
| parent | 926ccf7d87783326a6c29c28dda1c124a674d85a (diff) | |
| download | aports-69e6577a57edb200e22ad52774728fbd3c6df4c8.tar.bz2 aports-69e6577a57edb200e22ad52774728fbd3c6df4c8.tar.xz | |
main/nfs-utils: Fix `_nss_name_to_gid()`
`sysconf(_SC_GETGR_R_SIZE_MAX)` returns -1 on musl. A patch exists to
work around this, but it is incomplete (`_nss_name_to_gid()` is not
included in `musl-svcgssd-sysconf.patch`.
Diffstat (limited to 'main/nfs-utils/musl-svcgssd-sysconf.patch')
| -rw-r--r-- | main/nfs-utils/musl-svcgssd-sysconf.patch | 45 |
1 files changed, 34 insertions, 11 deletions
diff --git a/main/nfs-utils/musl-svcgssd-sysconf.patch b/main/nfs-utils/musl-svcgssd-sysconf.patch index 7e658013b8..ec280ccaa8 100644 --- a/main/nfs-utils/musl-svcgssd-sysconf.patch +++ b/main/nfs-utils/musl-svcgssd-sysconf.patch @@ -1,6 +1,6 @@ --- a/support/nfsidmap/libnfsidmap.c +++ b/support/nfsidmap/libnfsidmap.c -@@ -430,11 +430,17 @@ +@@ -432,11 +432,17 @@ int nfs4_init_name_mapping(char *conffil nobody_user = conf_get_str("Mapping", "Nobody-User"); if (nobody_user) { @@ -19,7 +19,7 @@ buf = malloc(sizeof(*buf) + buflen); if (buf) { err = getpwnam_r(nobody_user, buf, ((char *)buf) + sizeof(*buf), buflen, &pw); -@@ -451,10 +457,16 @@ +@@ -453,11 +459,17 @@ int nfs4_init_name_mapping(char *conffil nobody_group = conf_get_str("Mapping", "Nobody-Group"); if (nobody_group) { @@ -29,17 +29,18 @@ struct group *buf; struct group *gr = NULL; int err; -+ + + /*sysconf can return -1 when _SC_GETGR_R_SIZE_MAX is not defined, like on musl systems, if cast to size_t this will lead + to an integer overflow, which leads to a buffer overflow and crashes svcgssd */ + if (scbuflen > 0) + buflen = (size_t)scbuflen; - ++ buf = malloc(sizeof(*buf) + buflen); if (buf) { + err = getgrnam_r(nobody_group, buf, ((char *)buf) + sizeof(*buf), buflen, &gr); --- a/support/nfsidmap/static.c +++ b/support/nfsidmap/static.c -@@ -98,10 +98,14 @@ +@@ -98,10 +98,14 @@ static struct passwd *static_getpwnam(co { struct passwd *pw; struct pwbuf *buf; @@ -55,7 +56,7 @@ buf = malloc(sizeof(*buf) + buflen); if (!buf) { err = ENOMEM; -@@ -149,9 +153,13 @@ +@@ -149,10 +153,14 @@ static struct group *static_getgrnam(con { struct group *gr; struct grbuf *buf; @@ -64,15 +65,16 @@ + size_t buflen = 1024; char *localgroup; int err; -+ + + if (scbuflen > 0) + buflen = (size_t)scbuflen; - ++ buf = malloc(sizeof(*buf) + buflen); if (!buf) { + err = ENOMEM; --- a/support/nfsidmap/nss.c +++ b/support/nfsidmap/nss.c -@@ -91,9 +91,13 @@ +@@ -91,9 +91,13 @@ static int nss_uid_to_name(uid_t uid, ch struct passwd *pw = NULL; struct passwd pwbuf; char *buf; @@ -87,7 +89,7 @@ buf = malloc(buflen); if (!buf) goto out; -@@ -119,9 +123,13 @@ +@@ -119,9 +123,13 @@ static int nss_gid_to_name(gid_t gid, ch struct group *gr = NULL; struct group grbuf; char *buf; @@ -102,7 +104,7 @@ if (domain == NULL) domain = get_default_domain(); -@@ -192,12 +200,13 @@ +@@ -192,12 +200,13 @@ static struct passwd *nss_getpwnam(const { struct passwd *pw; struct pwbuf *buf; @@ -119,3 +121,24 @@ buf = malloc(sizeof(*buf) + buflen); if (buf == NULL) +@@ -301,7 +310,8 @@ static int _nss_name_to_gid(char *name, + struct group *gr = NULL; + struct group grbuf; + char *buf, *domain; +- size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ size_t buflen = 1024; + int err = -EINVAL; + char *localname = NULL; + char *ref_name = NULL; +@@ -327,8 +337,8 @@ static int _nss_name_to_gid(char *name, + } + + err = -ENOMEM; +- if (buflen > UINT_MAX) +- goto out_name; ++ if (scbuflen > 0) ++ buflen = (size_t)scbuflen; + + do { + buf = malloc(buflen); |