
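--- a/OpenPBS_2_3_16/src/iff/iff2.c
+++ b/OpenPBS_2_3_16/src/iff/iff2.c
@@ -106,6 +106,14 @@
 
 static char ident[] = "@(#) $RCSfile: iff2.c,v $ $Revision: 2.2.10.8 $";
 
+#define _GNU_SOURCE
+#include <unistd.h>
+
+// we are lazy and do not check for errors here :(
+uid_t __euid;
+#define DROPEUID __euid = geteuid(); setresuid(getuid(), getuid(), geteuid())
+#define RESTOREEUID setresuid(getuid(), __euid, getuid())
+
 int pbs_errno;
 struct connect_handle connection[NCONNECTS];
 
@@ -135,6 +143,8 @@
 	extern int   optind;
 	extern char *optarg;
 
+	DROPEUID;
+
 	/* Need to unset LOCALDOMAIN if set, want local host name */
 
 	for (i=0; envp[i]; ++i) {
@@ -176,12 +186,15 @@
 	if ((servport = atoi(argv[++optind])) <= 0)
 		return (1);
 
+	RESTOREEUID;	// we need a reserved port here
 	for (i=0; i<10; i++) {
 		sock = client_to_svr(hostaddr, (unsigned int)servport, 1);
 		if (sock != PBS_NET_RC_RETRY)
 			break;
 		sleep(1);
 	}
+	DROPEUID;
+
 	if (sock < 0) {
 		fprintf(stderr, "pbs_iff: cannot connect to host\n");
 		return (4);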
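Review bot: The `setresuid()` calls behind `DROPEUID` and `RESTOREEUID` (defined in the first hunk) are never checked, as the added comment admits, so if a drop fails the program silently keeps running with its original effective uid. The final `DROPEUID` after the connect loop also stores the privileged uid in the saved set-user-ID, so the drop stays reversible for the rest of the process; if nothing later needs the reserved port, drop for good there, e.g. `if (setresuid(getuid(), getuid(), getuid()) != 0) return (1);` (exit code to match the file's convention). `DROPEUID` expands to two statements and should be wrapped in `do { ... } while (0)` so it stays safe under an unbraced `if`, and `__euid` is a reserved identifier that could be a `static` with an ordinary name. The enclosing function starts and ends outside these hunks.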
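--- a/OpenPBS_2_3_16/src/mom_rcp/rcp.c
+++ b/OpenPBS_2_3_16/src/mom_rcp/rcp.c
@@ -135,7 +135,8 @@
 #ifdef	KERBEROS
 		case 'k':
 			dest_realm = dst_realm_buf;
-			(void)strncpy(dst_realm_buf, optarg, REALM_SZ);
+			memset(dst_realm_buf, 0, REALM_SZ);
+			(void)strncpy(dst_realm_buf, optarg, REALM_SZ-1);
 			break;
 #ifdef CRYPT
 		case 'x':
@@ -197,13 +198,15 @@
 
 	if (fflag) {			/* Follow "protocol", send data. */
 		(void)response();
-		(void)setuid(userid);
+		if(setuid(userid) != 0)
+			errx(1, "can't change to uid %d", (int)userid);
 		source(argc, argv);
 		exit(errs);
 	}
 
 	if (tflag) {			/* Receive data. */
-		(void)setuid(userid);
+		if(setuid(userid) != 0)
+			errx(1, "can't change to uid %d", (int)userid);
 		sink(argc, argv);
 		exit(errs);
 	}
@@ -637,6 +640,9 @@
 
 		for (size = 0; isdigit(*cp);)
 			size = size * 10 + (*cp++ - '0');
+		if(size < 0) // integer overflow, more can happen in the loop but lets avoid testing for the sake of performance
+			SCREWUP("size becomes too big and swapped");
+
 		if (*cp++ != ' ')
 			SCREWUP("size not delimited");
 		if (targisdir) {
@@ -644,12 +650,12 @@
 			static int cursize;
 			size_t need;
 
-			need = strlen(targ) + strlen(cp) + 250;
+			need = strlen(targ) + strlen(cp) + 250; // b/c this might overflow (very unlikely) we use sNprintf() later
 			if (need > cursize) {
-				if (!(namebuf = malloc(need)))
+				if (!(namebuf = malloc(need))) // will not set a limit here
 					run_err("%s", strerror(errno));
 			}
-			(void)sprintf(namebuf, "%s%s%s", targ,
+			(void)snprintf(namebuf, need, "%s%s%s", targ,
 			    *targ ? "/" : "", cp);
 			np = namebuf;
 		} else
@@ -818,6 +824,8 @@
 {
 	char ch, *cp, resp, rbuf[BUFSIZ];
 
+	memset(rbuf, 0, BUFSIZ);
+
 	if (read(rem, &resp, sizeof(resp)) != sizeof(resp))
 		lostconn(0);
 
@@ -834,7 +842,7 @@
 			if (read(rem, &ch, sizeof(ch)) != sizeof(ch))
 				lostconn(0);
 			*cp++ = ch;
-		} while (cp < &rbuf[BUFSIZ] && ch != '\n');
+		} while (cp < &rbuf[BUFSIZ-1] && ch != '\n');
 
 		if (!iamremote)
 			(void)write(STDERR_FILENO, rbuf, cp - rbuf);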
Lines 120-126 Link Here
120
		return (127);
120
		return (127);
121
	
121
	
122
	case 0:
122
	case 0:
123
		(void)setuid(userid);
123
		if(setuid(userid) != 0)
124
		{
125
			run_err("setuid(%u): %s", userid, strerror(errno));
126
			_exit(127);
127
		}
124
		execl(_PATH_BSHELL, "sh", "-c", s, NULL);
128
		execl(_PATH_BSHELL, "sh", "-c", s, NULL);
125
		_exit(127);
129
		_exit(127);
126
	}
130
	}
Lines 129-134 Link Here
129
	return (status);
133
	return (status);
130
}
134
}
131
135
136
// arbitrary limit
137
#define UPPERLIMIT 2^20
132
BUF *
138
BUF *
133
allocbuf(bp, fd, blksize)
139
allocbuf(bp, fd, blksize)
134
	BUF *bp;
140
	BUF *bp;
Lines 141-146 Link Here
141
		run_err("fstat: %s", strerror(errno));
147
		run_err("fstat: %s", strerror(errno));
142
		return (0);
148
		return (0);
143
	}
149
	}
150
151
	if(blksize <= 0 || blksize > UPPERLIMIT)
152
	{
153
		run_err("blksize value is ivalid (either <= 0 or > %u)\n", UPPERLIMIT);
154
		return 0;
155
	}
144
	size = (((int)stb.st_blksize + blksize - 1) / blksize) * blksize;
156
	size = (((int)stb.st_blksize + blksize - 1) / blksize) * blksize;
145
	if (size == 0)
157
	if (size == 0)
146
		size = blksize;
158
		size = blksize;
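Review bot: `#define UPPERLIMIT 2^20` in the second hunk does not define two to the power twenty, because `^` is XOR in C and the value is 22. The macro is also unparenthesised, so the new guard in allocbuf expands to `blksize <= 0 || ((blksize > 2) ^ 20)`, which is non-zero for every input; as written allocbuf would reject every block size and return 0. Define it as `#define UPPERLIMIT (1 << 20)`, and print it with `%d` or cast the argument, since the expression is an `int` passed to `%u`. The body of allocbuf starts and ends outside the hunk.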
