Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 48563 Details for
Bug 77414
net-fs/ncpfs CAN-2005-001{3,4}: Multiple issues
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CAN-2005-0013+4.patch
CAN-2005-0013+4.patch (text/plain), 25.16 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2005-01-15 10:57:54 UTC
(
hide
)
Description:
CAN-2005-0013+4.patch
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2005-01-15 10:57:54 UTC
Size:
25.16 KB
patch
obsolete
>===== lib/ncplib.c 1.93 vs edited ===== >--- 1.93/lib/ncplib.c 2005-01-13 20:57:58 +01:00 >+++ edited/lib/ncplib.c 2005-01-14 02:32:36 +01:00 >@@ -2259,6 +2259,10 @@ > if (stat(path, &st) != 0) { > return errno; > } >+ if (st.st_uid != getuid()) { >+ *err = EACCES; >+ return NULL; >+ } > if ((st.st_mode & (S_IRWXO | S_IRWXG)) != 0) { > return NCPLIB_INVALID_MODE; > } >@@ -2367,7 +2371,7 @@ > spec->server, spec->user); > > pwd = getpass(_("Password: ")); >- if (strlen(pwd) > sizeof(spec->password)) { >+ if (strlen(pwd) >= sizeof(spec->password)) { > return ENAMETOOLONG; > } > strcpy(spec->password, pwd); >===== lib/nwclient.c 1.6 vs edited ===== >--- 1.6/lib/nwclient.c 2005-01-13 23:35:32 +01:00 >+++ edited/lib/nwclient.c 2005-01-14 02:32:36 +01:00 >@@ -477,6 +477,10 @@ > *err = errno; > return NULL; > } >+ if (st.st_uid != getuid()) { >+ *err = EACCES; >+ return NULL; >+ } > if ((st.st_mode & (S_IRWXO | S_IRWXG)) != 0) { > *err = NCPLIB_INVALID_MODE; > return NULL; >@@ -816,7 +820,7 @@ > static NWDSCCODE __docopy_string (UNUSED(NWDSContextHandle ctx), const void* val, > const enum SYNTAX synt, size_t currentSize, > char* result, size_t maxSize){ >- >+ int l; > #ifdef DEBUG_PRINT > printf ("__docopy_string got :%s synt = %d cursize=%d maxsize= %d\n",(char *)val,synt,currentSize,maxSize ); > #endif >@@ -825,90 +829,63 @@ > if (!result) return ERR_NULL_POINTER; > switch (synt) { > case SYN_DIST_NAME: >-#if 0 >- { >- NWDSCCODE err; >- char tmpBuf [MAX_DN_BYTES+1]; >- >- err = NWDSAbbreviateName(ctx, val, tmpBuf); >- if (err) >- return err; >- strcpy (result,tmpBuf); >- } >-#else >- strcpy(result,val); >-#endif >- break; > case SYN_CI_STRING: > case SYN_CE_STRING: > case SYN_PR_STRING: > case SYN_NU_STRING: > case SYN_TEL_NUMBER: > case SYN_CLASS_NAME: >- strcpy(result,val); >- break; >+ l = snprintf(result, maxSize, "%s", (const char *)val); >+ break; > case SYN_PATH:{ > const Path_T* p = (const Path_T*)val; >- if (strlen(p->volumeName)+strlen(p->path)+2+2+1>=maxSize) >- return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%u,%s,%s", p->nameSpaceType,p->volumeName, p->path); >+ >+ l = snprintf(result, maxSize, "%u,%s,%s", p->nameSpaceType, p->volumeName, p->path); > } > break; > case SYN_TYPED_NAME:{ > const Typed_Name_T* tn = (const Typed_Name_T*)val; >- if (strlen(tn->objectName)+8+8+2+1>=maxSize) >- return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%u,%u,%s", tn->interval,tn->level,tn->objectName); >+ >+ l = snprintf(result, maxSize, "%u,%u,%s", tn->interval, tn->level, tn->objectName); > } > break; > case SYN_FAX_NUMBER:{ > const Fax_Number_T* fn = (const Fax_Number_T*)val; >- if (strlen(fn->telephoneNumber)+2+1+1>=maxSize) >- return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%s,%u", fn->telephoneNumber,fn->parameters.numOfBits); >+ >+ l = snprintf(result, maxSize, "%s,%u", fn->telephoneNumber, fn->parameters.numOfBits); > } > break; > case SYN_EMAIL_ADDRESS:{ > const EMail_Address_T* ea = (const EMail_Address_T*)val; > /*change the SMTP:aaa@bbbb to SMTP,aaa@bbbb */ > char* p=strchr(ea->address,':'); >- if (strlen(ea->address)+2+1+1>=maxSize) >- return NWE_BUFFER_OVERFLOW; > > if (p) *p=','; >- sprintf(result,"%u,%s", ea->type,ea->address); >+ l = snprintf(result, maxSize, "%u,%s", ea->type, ea->address); > } > break; > case SYN_PO_ADDRESS:{ > const NWDSChar* const* pa = (const NWDSChar* const*)val; >- int n; >- size_t len=1; >- for (n=0;n <5;n++) >- len +=strlen(pa[n]+1); >- if (len >=maxSize) >- return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%s,%s,%s,%s,%s,%s",pa[0],pa[1],pa[2],pa[3],pa[4],pa[5]); >+ >+ l = snprintf(result, maxSize, "%s,%s,%s,%s,%s,%s", pa[0], pa[1], pa[2], pa[3], pa[4], pa[5]); > } > break; > case SYN_HOLD:{ > const Hold_T* h = (const Hold_T*)val; >- if (strlen(h->objectName)+8+1+1>=maxSize) >- return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%u,%s", h->amount, h->objectName); >+ >+ l = snprintf(result, maxSize, "%u,%s", h->amount, h->objectName); > } > break; > case SYN_TIMESTAMP:{ > const TimeStamp_T* stamp = (const TimeStamp_T*)val; >- if (maxSize <=3*9) >- return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%u,%u,%u",stamp->wholeSeconds, stamp->replicaNum,stamp->eventID); >+ >+ l = snprintf(result, maxSize, "%u,%u,%u", stamp->wholeSeconds, stamp->replicaNum, stamp->eventID); > } > break; > case SYN_BACK_LINK:{ > const Back_Link_T* bl = (const Back_Link_T*)val; >- if (strlen(bl->objectName)+8+1+1 >=maxSize) >- return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%08X,%s", bl->remoteID, bl->objectName); >+ >+ l = snprintf(result, maxSize, "%08X,%s", bl->remoteID, bl->objectName); > } > break; > case SYN_CI_LIST:{ >@@ -933,60 +910,67 @@ > } > *(--aux)=0; > } >- break; >+ return 0; > > case SYN_OCTET_LIST:{ > const Octet_List_T* ol = (const Octet_List_T*)val; > size_t i; >- char aux [4]; >- if ((ol->length+1)*3+1 >=maxSize) >+ char *aux; >+ >+ if (20 + (ol->length+1)*3+1 >=maxSize) > return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%u", ol->length); >+ sprintf(result, "%u", ol->length); >+ aux = result + strlen(result); > for (i = 0; i < ol->length; i++) { >- sprintf(aux,",%02X", ol->data[i]); >- strcat(result,aux); >+ sprintf(aux, ",%02X", ol->data[i]); >+ aux += 3; > } > } >- break; >+ return 0; > case SYN_OCTET_STRING:{ > const Octet_String_T* os = (const Octet_String_T*)val; >- char aux [4]; > size_t i; >+ char *aux; > #ifdef DEBUG_PRINT > printf ("len %d\n",os->length); > #endif >- if ((os->length+1)*3+1 >=maxSize) >+ if (20 + (os->length+1)*3+1 >=maxSize) > return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%u", os->length); >+ sprintf(result, "%u", os->length); >+ aux = result + strlen(result); > for (i = 0; i < os->length; i++) { >- sprintf(aux,",%02X", os->data[i]); >- strcat(result,aux); >+ sprintf(aux, ",%02X", os->data[i]); >+ aux += 3; > } > } >- break; >+ return 0; > case SYN_NET_ADDRESS:{ > const Net_Address_T* na = (const Net_Address_T*)val; > size_t z; >- char aux[4]; >+ char *aux; >+ > z=na->addressLength; >- if (3*(z+2)+1 >=maxSize) >+ if (40 + 3*(z+2)+1 >=maxSize) > return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%u,%u", na->addressType,na->addressLength); >+ sprintf(result, "%u,%u", na->addressType, na->addressLength); >+ aux = result + strlen(result); > for (z = 0; z < na->addressLength; z++) { >- sprintf(aux,",%02X", na->address[z]); >- strcat(result,aux); >+ sprintf(aux, ",%02X", na->address[z]); >+ aux += 3; > } > } >- break; >+ return 0; > case SYN_OBJECT_ACL:{ > const Object_ACL_T* oacl = (const Object_ACL_T*)val; >- if (strlen(oacl->protectedAttrName)+strlen(oacl->subjectName)+8+2+1 >=maxSize) >- return NWE_BUFFER_OVERFLOW; >- sprintf(result,"%s,%s,%08X",oacl->protectedAttrName,oacl->subjectName,oacl->privileges); >+ >+ l = snprintf(result, maxSize, "%s,%s,%08X", oacl->protectedAttrName, oacl->subjectName, oacl->privileges); > } > break; > default: > return EINVAL; >+ } >+ if (l < 0 || (size_t)l >= maxSize) { >+ return NWE_BUFFER_OVERFLOW; > } > return 0; > } >===== sutil/ncplogin.c 1.18 vs edited ===== >--- 1.18/sutil/ncplogin.c 2004-05-30 00:03:03 +02:00 >+++ edited/sutil/ncplogin.c 2005-01-14 00:25:46 +01:00 >@@ -162,30 +162,34 @@ > #endif > > static int opt_set_volume_after_parsing_all_options(struct ncp_mount_info* info) { >- char tmpNWPath[1024]; >+ char *path; > int e; > >- /* we DID check in main that -V has been specified !*/ >- strcpy(tmpNWPath,info->remote_path); >- if (info->root_path) { >- strcat(tmpNWPath,"/"); >- strcat(tmpNWPath,info->root_path); >- } >+ if (info->root_path) { >+ e = asprintf(&path, "%s/%s", info->remote_path, info->root_path); >+ } else { >+ e = asprintf(&path, "%s", info->remote_path); >+ } >+ if (e == -1) { >+ errexit(84, _("Cannot allocate memory for path\n")); >+ } > /* I keep forgeting typing it in uppercase so let's do it here */ >- str_upper(tmpNWPath); >- info->pathlen = e = ncp_path_to_NW_format(tmpNWPath, info->NWpath, sizeof(info->NWpath)); >+ str_upper(path); >+ info->pathlen = e = ncp_path_to_NW_format(path, info->NWpath, sizeof(info->NWpath)); > if (e < 0) { >- errexit(18, _("Volume path `%s' is invalid: `%s'\n"), tmpNWPath, strerror(-e)); >+ errexit(18, _("Volume path `%s' is invalid: `%s'\n"), path, strerror(-e)); > }; > if (info->pathlen == 1) { > info->mdata.mounted_vol = ""; > info->remote_path = "/"; >+ free(path); > } else if (info->NWpath[0] != 1) { > info->mdata.mounted_vol = "dummy"; >- } else if (strlen(tmpNWPath) > NCP_VOLNAME_LEN) { >- errexit(19, _("Volume name `%s' is too long\n"), tmpNWPath); >+ free(path); >+ } else if (strlen(path) > NCP_VOLNAME_LEN) { >+ errexit(19, _("Volume name `%s' is too long\n"), path); > } else { >- info->mdata.mounted_vol=info->remote_path; >+ info->mdata.mounted_vol = path; > } > return 0; > } >@@ -201,8 +205,8 @@ > } > > static void opt_set_name_context(struct ncp_mount_info* info, const char* param) { >- if (strlen(param)< sizeof(info->context)) >- strcpy(info->context,param); >+ if (strlen(param) < sizeof(info->context)) >+ strcpy(info->context, param); > else{ > errexit(19, _("Context name `%s' is too long\n"), param); > } >@@ -307,7 +311,7 @@ > { > struct ncp_mount_info info; > struct stat st; >- char mount_name[256]; >+ char *mount_name; > > int result; > >@@ -340,7 +344,7 @@ > > init_mount_info(&info); > >- if (geteuid() != 0) >+ if (myeuid != 0) > { > errexit(26, _("%s must be installed suid root\n"), progname); > } >@@ -807,42 +811,29 @@ > > info.mdata.mount_point = mount_point; > #ifndef NCPMAP >- strcpy(mount_name, spec.server); >- strcat(mount_name, "/"); >- strcat(mount_name, spec.user); >-#else >- { >-/* v 1.05 test for no multiple mount */ >- char nwuser[256]=""; >-/* struct ncp_conn_spec tmpSpec; */ >- >- strcpy(mount_name, info.server); >- strcat(mount_name, "/"); >- if ((err = NWDSWhoAmI(ctx,nwuser))==0) { >- /* v 1.05 remove context in /etc/mtab entry */ >- NWCXSplitNameAndContext(ctx,nwuser,nwuser,NULL); >- str_upper(nwuser); >- strcat(mount_name,nwuser); >-/* does not work >- if current user has another connexion to that server, even to another volume:path >- ncp_find_permanent does not care about volume name nor "root path" >- memset(&tmpSpec, 0, sizeof(tmpSpec)); >- strcpy(tmpSpec.user,nwuser); >- strcpy(tmpSpec.server,info.serverName); >- tmpSpec.uid=info.mdata.uid; >- if ((!info.allow_multiple_connections)&& >- ((tmp_mount = ncp_find_permanent(&tmpSpec)) != NULL)) >- { >- fprintf(stderr, >- _("You already have mounted server %s\nas user " >- "%s\non mount point %s\n"), tmpSpec.server, tmpSpec.user, >- tmp_mount); >- exit(35); >+ if (asprintf(&mount_name, "%s/%s", spec.server, spec.user) < 0) { >+ NWDSFreeContext(ctx); >+ errexit(85, _("Cannot allocate memory for mtab entry: %s\n"), strerror(ENOMEM)); >+ } >+#else >+ { >+ NWDSChar user[MAX_DN_BYTES]; >+ >+ err = NWDSWhoAmI(ctx, user); >+ if (err) { >+ NWDSFreeContext(ctx); >+ errexit(51, _("Cannot retrieve user identity: %s\n"), strnwerror(err)); > } >-***************/ >- } else { >+ err = NWCXSplitNameAndContext(ctx, user, user, NULL); >+ if (err) { >+ NWDSFreeContext(ctx); >+ errexit(86, _("Cannot parse user name: %s\n"), strnwerror(err)); >+ } >+ /* FIXME: str_upper is unwanted! NWCXSplitNameAndContext too, BTW... Just retrieve name from server and do 'NWDSAbbreviateName' on it */ >+ str_upper(user); >+ if (asprintf(&mount_name, "%s/%s", info.server, user) < 0) { > NWDSFreeContext(ctx); >- errexit(51, _("NWDSWhoAmi returned %s\n"), strnwerror(err)); >+ errexit(85, _("Cannot allocate memory for mtab entry: %s\n"), strerror(ENOMEM)); > } > } > #endif >@@ -855,14 +846,16 @@ > } else { > mycom_err(result, _("failed in mount(2)")); > } >+ free(mount_name); > NWDSFreeContext(ctx); > /*exit code stays 0 for TCL/tk to be fixed...*/ > exit(0); > } > err = proc_aftermount(&info, &conn); > if (err) { >+ free(mount_name); > NWDSFreeContext(ctx); >- umount(mount_point); >+ proc_ncpm_umount(mount_point); > exit(err); > } > #ifndef NCPMAP >@@ -875,7 +868,8 @@ > mycom_err(err, _("failed in nds login")); > fprintf(stderr, _("Login denied.\n")); > ncp_close(conn); >- umount(mount_point); >+ proc_ncpm_umount(mount_point); >+ free(mount_name); > NWDSFreeContext(ctx); > exit(55); > } >@@ -893,7 +887,8 @@ > mycom_err(err, _("in login")); > fprintf(stderr, _("Login denied\n")); > ncp_close(conn); >- umount(mount_point); >+ proc_ncpm_umount(mount_point); >+ free(mount_name); > NWDSFreeContext(ctx); > exit(56); > } >@@ -911,34 +906,37 @@ > err = NWDSAddConnection(ctx, conn); > if (err) { > ncp_close(conn); >- umount(mount_point); >+ proc_ncpm_umount(mount_point); >+ free(mount_name); > NWDSFreeContext(ctx); > errexit(110, _("Cannot attach connection to context: %s\n"), strnwerror(err)); > } > err = NWDSAuthenticateConn(ctx, conn); > if (err) { > ncp_close(conn); >- umount(mount_point); >-/*one day I will be in trouble here, when NWDSFreeContext() will free all added connections */ >+ proc_ncpm_umount(mount_point); >+ free(mount_name); > NWDSFreeContext(ctx); > errexit(112, _("Cannot authenticate connection: %s\n"), strnwerror(err)); > } > #endif > > err = NWSetBroadcastMode(conn,info.bcastmode); /*ignore error for now */ >- NWDSFreeContext(ctx); /*free at last no more ifndef NCPMOUNT below */ > > if ((err = ncp_mount_specific(conn, -1, info.NWpath, info.pathlen)) != 0) > { > ncp_close(conn); >- umount(mount_point); >+ proc_ncpm_umount(mount_point); >+ NWDSFreeContext(ctx); > errexit(57, _("Cannot access path \"%s\": %s\n"), info.remote_path, strerror(-err)); > } > NWCCCloseConn(conn); >- /*ncpmap, ncplogin must write in /etc/mtab*/ >+ NWDSFreeContext(ctx); >+ /* ncpmap, ncplogin must write in /etc/mtab */ > { > add_mnt_entry(mount_name, mount_point, info.flags); > } >+ free(mount_name); > if (info.echo_mnt_pnt) { > printf(_("mounted on:%s\n"),mount_point); > } >===== sutil/ncpm_common.c 1.15 vs edited ===== >--- 1.15/sutil/ncpm_common.c 2004-05-30 00:03:03 +02:00 >+++ edited/sutil/ncpm_common.c 2005-01-14 02:30:42 +01:00 >@@ -219,8 +219,12 @@ > return 1; > } else if (pid == 0) > { >+ char *myenv[] = { >+ "PATH=/sbin:/usr/sbin:/bin:/usr/bin", >+ NULL >+ }; > /* child */ >- execl("/sbin/modprobe", "modprobe", "ncpfs", NULL); >+ execle("/sbin/modprobe", "modprobe", "ncpfs", NULL, myenv); > _exit(127); /* execl error */ > } else > { >@@ -355,6 +359,54 @@ > > #endif > >+static inline int ncpm_suser(void) { >+ return setreuid(-1, 0); >+} >+ >+static int ncpm_normal(void) { >+ int e; >+ int v; >+ >+ e = errno; >+ v = setreuid(-1, myuid); >+ errno = e; >+ return v; >+} >+ >+static int proc_ncpm_mount(const char* source, const char* target, const char* filesystem, unsigned long mountflags, const void* data) { >+ int v; >+ int e; >+ >+ if (ncpm_suser()) { >+ return errno; >+ } >+ v = mount(source, target, filesystem, mountflags, data); >+ if (ncpm_normal()) { >+ /* We cannot handle this situation gracefully, so do what we can */ >+ >+ e = errno; >+ /* If mount suceeded, undo it */ >+ if (v) { >+ umount(target); >+ } >+ errexit(88, _("Cannot relinquish superuser rights: %s\n"), strerror(e)); >+ } >+ return v; >+} >+ >+int proc_ncpm_umount(const char* target) { >+ int v; >+ >+ if (ncpm_suser()) { >+ return errno; >+ } >+ v = umount(target); >+ if (ncpm_normal()) { >+ errexit(89, _("Cannot relinquish superuser rights: %s\n"), strerror(errno)); >+ } >+ return v; >+} >+ > #ifdef MOUNT2 > static int ncp_mount_v2(const char* mount_name, unsigned long flags, const struct ncp_mount_data_independent* data) { > struct ncp_mount_data_v2 datav2; >@@ -392,7 +444,7 @@ > } > datav2.file_mode = data->file_mode; > datav2.dir_mode = data->dir_mode; >- err = mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav2); >+ err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav2); > if (err) > return errno; > return 0; >@@ -456,7 +508,7 @@ > exit(0); /* Should not return from process_connection */ > } > close(pp[0]); >- err=mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav3); >+ err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav3); > if (err) { > err = errno; > /* Mount unsuccesful so we have to kill daemon */ >@@ -507,7 +559,7 @@ > sprintf(mountopts, "version=%u,flags=%u,owner=%u,uid=%u,gid=%u,mode=%u,dirmode=%u,timeout=%u,retry=%u,wdogpid=%u,ncpfd=%u,infofd=%u", > NCP_MOUNT_VERSION_V5, ncpflags, data->mounted_uid, data->uid, data->gid, data->file_mode, > data->dir_mode, data->time_out, data->retry_count, wdog_pid, data->ncp_fd, pp[1]); >- err=mount(mount_name, data->mount_point, "ncpfs", flags, mountopts); >+ err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, mountopts); > } else { > err=-1; > } >@@ -525,7 +577,7 @@ > datav4.file_mode = data->file_mode; > datav4.dir_mode = data->dir_mode; > datav4.wdog_pid = wdog_pid; >- err = mount(mount_name, data->mount_point, "ncpfs", flags, (void*)&datav4); >+ err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*)&datav4); > if (err) { > err = errno; > /* Mount unsuccesful so we have to kill daemon */ >@@ -546,9 +598,16 @@ > void init_mount_info(struct ncp_mount_info *info) { > mode_t um; > >- memset(info, 0, sizeof(*info)); >- > myuid = getuid(); >+ myeuid = geteuid(); >+ >+ if (myeuid == 0) { >+ if (setreuid(-1, myuid)) { >+ errexit(87, _("Cannot relinquish superuser rights: %s\n"), strerror(errno)); >+ } >+ } >+ >+ memset(info, 0, sizeof(*info)); > > info->version = -1; > info->flags = MS_MGC_VAL; >@@ -649,7 +708,14 @@ > sr.name_space = NW_NS_DOS; > sr.dirEntNum = DVAL_LH(&dirinfo.Directory.dirEntNum, 0); > } >+ if (ncpm_suser()) { >+ return -errno; >+ } > result = ioctl(ncp_get_fid(conn), NCP_IOC_SETROOT, &sr); >+ if (ncpm_normal()) { >+ /* Just continue, otherwise we cannot unmount directory */ >+ return result ? -errno : -EPERM; >+ } > if (!result) { > return 0; > } >@@ -665,7 +731,15 @@ > #endif > return -ENOPKG; > } >- if (ioctl(ncp_get_fid(conn), NCP_IOC_CONN_LOGGED_IN, NULL) != 0) { >+ if (ncpm_suser()) { >+ return -errno; >+ } >+ result = ioctl(ncp_get_fid(conn), NCP_IOC_CONN_LOGGED_IN, NULL); >+ if (ncpm_normal()) { >+ /* Just continue, otherwise we cannot umount directory */ >+ return result ? -errno : -EPERM; >+ } >+ if (result != 0) { > return -errno; > } > return 0; >@@ -798,11 +872,14 @@ > return; > } > { >- char xxx[1024]; >+ char xxx[1024]; /* "cmd=XXXXXXXXXXX, len=XXXXXXXXX, data:" + 3x300 chars */ > char* p; > > sprintf(xxx, "cmd=%u, len=%u, data:", cmd, datalen); > p = xxx + strlen(xxx); >+ if (datalen > 300) { >+ datalen = 300; >+ } > while (datalen--) { > sprintf(p, " %02X", *data++); > p += 3; >@@ -1358,6 +1435,9 @@ > } > *p = 0; > >+ if (ncpm_suser()) { >+ errexit(91, _("Cannot switch to superuser: %s\n"), strerror(errno)); >+ } > if ((fd = open(MOUNTED "~", O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) > { > errexit(58, _("Can't get %s~ lock file\n"), MOUNTED); >@@ -1382,6 +1462,9 @@ > { > errexit(62, _("Can't remove %s~\n"), MOUNTED); > } >+ if (ncpm_normal()) { >+ errexit(90, _("Cannot relinquish superuser rights: %s\n"), strerror(EPERM)); >+ } > } > > static int __proc_option(const struct optinfo* opts, struct ncp_mount_info* info, const char* opt, const char* param) { >@@ -1635,6 +1718,10 @@ > if ((info->nls_cs.codepage[0] != 0) || (info->nls_cs.iocharset[0] != 0)) { > int i; > >+ if (ncpm_suser()) { >+ fprintf(stderr, _("Cannot switch to superuser: %s\n"), strerror(errno)); >+ return 90; >+ } > i = ioctl(ncp_get_fid(conn), NCP_IOC_SETCHARSETS, &info->nls_cs); > if (i && (errno == EINVAL)) { > struct ncp_nls_ioctl_old old_nls; >@@ -1645,6 +1732,10 @@ > old_nls.codepage = strtoul(p, NULL, 0); > strcpy(old_nls.iocharset, info->nls_cs.iocharset); > i = ioctl(ncp_get_fid(conn), NCP_IOC_SETCHARSETS_OLD, &old_nls); >+ } >+ if (ncpm_normal()) { >+ fprintf(stderr, _("Cannot relinquish superuser rights: %s\n"), strerror(-errno)); >+ return 91; > } > if (i) { > if (errno == EINVAL || errno == ENOTTY) { >===== sutil/ncpm_common.h 1.10 vs edited ===== >--- 1.10/sutil/ncpm_common.h 2004-05-30 00:03:03 +02:00 >+++ edited/sutil/ncpm_common.h 2005-01-14 00:26:46 +01:00 >@@ -16,6 +16,7 @@ > #include "ncpmount.h" > > uid_t myuid; >+uid_t myeuid; > char *progname; > char mount_point[MAXPATHLEN + 1]; > >@@ -118,6 +119,7 @@ > void proc_option(const struct optinfo* opts, struct ncp_mount_info* info, const char* opt, const char* param); > int proc_buildconn(struct ncp_mount_info* info); > int proc_aftermount(const struct ncp_mount_info* info, NWCONN_HANDLE* conn); >+int proc_ncpm_umount(const char* dir); > > #define UNUSED(x) x __attribute__((unused)) > >===== sutil/ncpmount.c 1.68 vs edited ===== >--- 1.68/sutil/ncpmount.c 2004-05-30 00:03:03 +02:00 >+++ edited/sutil/ncpmount.c 2005-01-14 00:25:31 +01:00 >@@ -171,7 +171,7 @@ > { > struct ncp_mount_info info; > struct stat st; >- char mount_name[256]; >+ char *mount_name; > #ifdef NDS_SUPPORT > NWDSContextHandle ctx; > NWCONN_HANDLE auth_conn; >@@ -350,7 +350,7 @@ > if (info.server && info.tree) { > errexit(66, _("Both tree and server name were specified. It is not allowed.\n")); > } >- if (geteuid() != 0) >+ if (myeuid != 0) > { > errexit(26, _("%s must be installed suid root\n"), progname); > } >@@ -594,13 +594,18 @@ > > info.mdata.mount_point = mount_point; > >- strcpy(mount_name, spec.server); >- strcat(mount_name, "/"); >- strcat(mount_name, spec.user); >+ if (asprintf(&mount_name, "%s/%s", spec.server, spec.user) < 0) { >+ NWDSFreeContext(ctx); >+ if (auth_conn) { >+ NWCCCloseConn(auth_conn); >+ } >+ errexit(85, _("Cannot allocate memory for mtab entry: %s\n"), strerror(ENOMEM)); >+ } > > result = ncp_mount(mount_name, &info); > if (result) > { >+ free(mount_name); > NWDSFreeContext(ctx); > if (auth_conn) { > NWCCCloseConn(auth_conn); >@@ -610,7 +615,8 @@ > } > err = proc_aftermount(&info, &conn); > if (err) { >- umount(info.mdata.mount_point); >+ proc_ncpm_umount(info.mdata.mount_point); >+ free(mount_name); > NWDSFreeContext(ctx); > if (auth_conn) { > NWCCCloseConn(auth_conn); >@@ -621,6 +627,8 @@ > if (info.auth_src != NULL) { > err = NWDSAuthenticateConn(ctx, conn); > if (err) { >+ proc_ncpm_umount(info.mdata.mount_point); >+ free(mount_name); > NWDSFreeContext(ctx); > if (auth_conn) { > NWCCCloseConn(auth_conn); >@@ -636,7 +644,8 @@ > mycom_err(err, _("in nds login")); > fprintf(stderr, _("Login denied.\n")); > ncp_close(conn); >- umount(mount_point); >+ proc_ncpm_umount(mount_point); >+ free(mount_name); > NWDSFreeContext(ctx); > if (auth_conn) { > NWCCCloseConn(auth_conn); >@@ -660,7 +669,8 @@ > mycom_err(err, _("in login")); > fprintf(stderr, _("Login denied\n")); > ncp_close(conn); >- umount(mount_point); >+ proc_ncpm_umount(mount_point); >+ free(mount_name); > NWDSFreeContext(ctx); > if (auth_conn) { > NWCCCloseConn(auth_conn); >@@ -682,6 +692,9 @@ > #endif > err = NWDSFreeContext(ctx); > if (err) { >+ ncp_close(conn); >+ proc_ncpm_umount(mount_point); >+ free(mount_name); > if (auth_conn) { > NWCCCloseConn(auth_conn); > } >@@ -694,7 +707,8 @@ > if ((err = ncp_mount_specific(conn, -1, info.NWpath, info.pathlen)) != 0) > { > ncp_close(conn); >- umount(mount_point); >+ proc_ncpm_umount(mount_point); >+ free(mount_name); > errexit(57, _("Cannot access path \"%s\": %s\n"), info.remote_path, strerror(-err)); > } > ncp_close(conn);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=48563">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 77414
:
48563
|
48689
|
48690
