aboutsummaryrefslogtreecommitdiffstats
path: root/main/nfs-utils/musl-svcgssd-sysconf.patch
blob: 7e658013b886abfec3b40352f73284bd96b51a60 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
--- a/support/nfsidmap/libnfsidmap.c
+++ b/support/nfsidmap/libnfsidmap.c
@@ -430,11 +430,17 @@
 
 	nobody_user = conf_get_str("Mapping", "Nobody-User");
 	if (nobody_user) {
-		size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+		long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+		size_t buflen = 1024; /*value on my gentoo glibc system that has _SC_GETPW_R_SIZE_MAX*/
 		struct passwd *buf;
 		struct passwd *pw = NULL;
 		int err;
 
+		/*sysconf can return -1 when _SC_GETPW_R_SIZE_MAX is not defined, like on musl systems, if cast to size_t this will lead
+		  to an integer overflow, which leads to a buffer overflow and crashes svcgssd */
+		if (scbuflen > 0)
+			buflen = (size_t)scbuflen;
+
 		buf = malloc(sizeof(*buf) + buflen);
 		if (buf) {
 			err = getpwnam_r(nobody_user, buf, ((char *)buf) + sizeof(*buf), buflen, &pw);
@@ -451,10 +457,16 @@
 
 	nobody_group = conf_get_str("Mapping", "Nobody-Group");
 	if (nobody_group) {
-		size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+		long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+		size_t buflen = 1024; /*value on my gentoo glibc system that has _SC_GETGR_R_SIZE_MAX*/
 		struct group *buf;
 		struct group *gr = NULL;
 		int err;
+
+		/*sysconf can return -1 when _SC_GETGR_R_SIZE_MAX is not defined, like on musl systems, if cast to size_t this will lead
+		  to an integer overflow, which leads to a buffer overflow and crashes svcgssd */
+		if (scbuflen > 0)
+			buflen = (size_t)scbuflen;
 
 		buf = malloc(sizeof(*buf) + buflen);
 		if (buf) {
--- a/support/nfsidmap/static.c
+++ b/support/nfsidmap/static.c
@@ -98,10 +98,14 @@
 {
 	struct passwd *pw;
 	struct pwbuf *buf;
-	size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	size_t buflen = 1024;
 	char *localname;
 	int err;
 
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
+
 	buf = malloc(sizeof(*buf) + buflen);
 	if (!buf) {
 		err = ENOMEM;
@@ -149,9 +153,13 @@
 {
 	struct group *gr;
 	struct grbuf *buf;
-	size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	size_t buflen = 1024;
 	char *localgroup;
 	int err;
+
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
 
 	buf = malloc(sizeof(*buf) + buflen);
 	if (!buf) {
--- a/support/nfsidmap/nss.c
+++ b/support/nfsidmap/nss.c
@@ -91,9 +91,13 @@
 	struct passwd *pw = NULL;
 	struct passwd pwbuf;
 	char *buf;
-	size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	size_t buflen = 1024;
 	int err = -ENOMEM;
 
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
+
 	buf = malloc(buflen);
 	if (!buf)
 		goto out;
@@ -119,9 +123,13 @@
 	struct group *gr = NULL;
 	struct group grbuf;
 	char *buf;
-	size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	size_t buflen = 1024;
 	int err;
 
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
+
 	if (domain == NULL)
 		domain = get_default_domain();
 
@@ -192,12 +200,13 @@
 {
 	struct passwd *pw;
 	struct pwbuf *buf;
-	size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	size_t buflen = 1024;
 	char *localname;
 	int err = ENOMEM;
 
-	if (buflen > UINT_MAX)
-		goto err;
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
 
 	buf = malloc(sizeof(*buf) + buflen);
 	if (buf == NULL)