Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 39190 Details for
Bug 63211
Bad username passed by nss_ldap to OpenLDAP causes latter to crash
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
This is a patch for nss_ldap to validate usernames before passing to OpenLDAP.
nss_ldap-220-username-check.diff (text/plain), 1.59 KB, created by
Lazar Obradovic
on 2004-09-08 04:13:53 UTC
(
hide
)
Description:
This is a patch for nss_ldap to validate usernames before passing to OpenLDAP.
Filename:
MIME Type:
Creator:
Lazar Obradovic
Created:
2004-09-08 04:13:53 UTC
Size:
1.59 KB
patch
obsolete
>diff -urN nss_ldap-220/ldap-parse.h nss_ldap-eunet-220/ldap-parse.h >--- nss_ldap-220/ldap-parse.h 2004-05-14 05:34:11.000000000 +0200 >+++ nss_ldap-eunet-220/ldap-parse.h 2004-09-08 13:05:12.000000000 +0200 >@@ -33,6 +33,11 @@ > LA_INIT(a); \ > LA_STRING(a) = NSS_ARGS(args)->key.name; \ > LA_TYPE(a) = LA_TYPE_STRING; \ >+ if (! is_valid_username (name) \ >+ { \ >+ syslog(LOG_INFO, "Invalid username %s", name); \ >+ return NSS_STATUS_NOTFOUND; \ >+ } \ > s = _nss_ldap_getbyname(&a, \ > NSS_ARGS(args)->buf.result, \ > NSS_ARGS(args)->buf.buffer, \ >diff -urN nss_ldap-220/util.c nss_ldap-eunet-220/util.c >--- nss_ldap-220/util.c 2004-05-14 05:34:11.000000000 +0200 >+++ nss_ldap-eunet-220/util.c 2004-09-08 13:05:45.000000000 +0200 >@@ -1058,3 +1058,18 @@ > > return ret; > } >+ >+int is_valid_username(char *user) >+{ >+ unsigned char *p; >+ >+/* This is pretty liberal, but we're going to use direct syscalls only, >+ * and they have to accept all the printable characters */ >+ for (p = (unsigned char *)user; *p; p++) >+ if (*p < ' ' || *p > 0x7E || *p == '.' || *p == '/') return 0; >+ >+ if (p - (unsigned char *)user > NAME_MAX) return 0; >+ >+ return 1; >+} >+ >diff -urN nss_ldap-220/util.h nss_ldap-eunet-220/util.h >--- nss_ldap-220/util.h 2004-05-14 05:34:11.000000000 +0200 >+++ nss_ldap-eunet-220/util.h 2004-09-08 13:11:10.000000000 +0200 >@@ -131,6 +131,8 @@ > NSS_STATUS _nss_ldap_escape_string (const char *str, > char *buf, size_t buflen); > >+int is_valid_username(char *user); >+ > #define MAP_H_ERRNO(nss_status, herr) do { \ > switch ((nss_status)) { \ > case NSS_SUCCESS: \
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=39190">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 63211
: 39190
