+2014-05-12 Andreas Schwab <schwab@suse.de>
+
+ [BZ #16932]
+ * nis/nss_nis/nis-hosts.c (internal_gethostbyname2_r)
+ (_nss_nis_gethostbyname4_r): Return error if item length is larger
+ than maximum RPC packet size.
+ * nis/nss_nis/nis-initgroups.c (initgroups_netid): Likewise.
+ * nis/nss_nis/nis-network.c (_nss_nis_getnetbyname_r): Likewise.
+ * nis/nss_nis/nis-service.c (_nss_nis_getservbyname_r)
+ (_nss_nis_getservbyport_r): Likewise.
+
2014-05-12 Will Newton <will.newton@linaro.org>
* malloc/Makefile (tests): Add tst-mallopt.
16677, 16680, 16683, 16689, 16695, 16701, 16706, 16707, 16712, 16713,
16714, 16731, 16739, 16740, 16743, 16754, 16758, 16759, 16760, 16770,
16786, 16789, 16791, 16799, 16800, 16815, 16823, 16824, 16831, 16838,
- 16854, 16876, 16877, 16885, 16888, 16890, 16912, 16916, 16922.
+ 16854, 16876, 16877, 16885, 16888, 16890, 16912, 16916, 16922, 16932.
* The minimum Linux kernel version that this version of the GNU C Library
can be used with is 2.6.32.
/* Convert name to lowercase. */
size_t namlen = strlen (name);
+ /* Limit name length to the maximum size of an RPC packet. */
+ if (namlen > UDPMSGSIZE)
+ {
+ *errnop = ERANGE;
+ return NSS_STATUS_UNAVAIL;
+ }
+
char name2[namlen + 1];
size_t i;
/* Convert name to lowercase. */
size_t namlen = strlen (name);
+ /* Limit name length to the maximum size of an RPC packet. */
+ if (namlen > UDPMSGSIZE)
+ {
+ *errnop = ERANGE;
+ return NSS_STATUS_UNAVAIL;
+ }
+
char name2[namlen + 1];
size_t i;
gid_t **groupsp, long int limit, int *errnop,
const char *domainname)
{
+ /* Limit domainname length to the maximum size of an RPC packet. */
+ if (strlen (domainname) > UDPMSGSIZE)
+ {
+ *errnop = ERANGE;
+ return NSS_STATUS_UNAVAIL;
+ }
+
/* Prepare the key. The form is "unix.UID@DOMAIN" with the UID and
DOMAIN field filled in appropriately. */
char key[sizeof ("unix.@") + sizeof (uid_t) * 3 + strlen (domainname)];
/* Convert name to lowercase. */
size_t namlen = strlen (name);
+ /* Limit name length to the maximum size of an RPC packet. */
+ if (namlen > UDPMSGSIZE)
+ {
+ *errnop = ERANGE;
+ return NSS_STATUS_UNAVAIL;
+ }
+
char name2[namlen + 1];
size_t i;
/* If the protocol is given, we could try if our NIS server knows
about services.byservicename map. If yes, we only need one query. */
size_t keylen = strlen (name) + (protocol ? 1 + strlen (protocol) : 0);
+ /* Limit key length to the maximum size of an RPC packet. */
+ if (keylen > UDPMSGSIZE)
+ {
+ *errnop = ERANGE;
+ return NSS_STATUS_UNAVAIL;
+ }
+
char key[keylen + 1];
/* key is: "name/proto" */
Otherwise try first port/tcp, then port/udp and then fallback
to sequential scanning of services.byname. */
const char *proto = protocol != NULL ? protocol : "tcp";
+ /* Limit protocol name length to the maximum size of an RPC packet. */
+ if (strlen (proto) > UDPMSGSIZE)
+ {
+ *errnop = ERANGE;
+ return NSS_STATUS_UNAVAIL;
+ }
+
do
{
/* key is: "port/proto" */
projects / external / glibc.git / commitdiff