[nss-pam-ldapd] Update to 0.8.12, part 3
Nalin Dahyabhai
nalin at fedoraproject.org
Fri Jan 18 20:30:07 UTC 2013
commit 93520225bb3be172e49673492078cb2ffe4178d0
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Thu Jan 17 18:10:45 2013 -0500
Update to 0.8.12, part 3
Forward-port our local patch to catch out-of-range UID and GID values
when we read them.
...atch => nss-pam-ldapd-0.8.12-uid-overflow.patch | 41 ++++++++++----------
nss-pam-ldapd.spec | 2 +-
2 files changed, 22 insertions(+), 21 deletions(-)
---
diff --git a/nss-pam-ldapd-0.7.x-uid-overflow.patch b/nss-pam-ldapd-0.8.12-uid-overflow.patch
similarity index 58%
rename from nss-pam-ldapd-0.7.x-uid-overflow.patch
rename to nss-pam-ldapd-0.8.12-uid-overflow.patch
index 441802f..815e82d 100644
--- a/nss-pam-ldapd-0.7.x-uid-overflow.patch
+++ b/nss-pam-ldapd-0.8.12-uid-overflow.patch
@@ -1,22 +1,25 @@
-diff -up nss-pam-ldapd-0.7.17/nslcd/common.c.overflow nss-pam-ldapd-0.7.17/nslcd/common.c
---- nss-pam-ldapd-0.7.17/nslcd/common.c.overflow 2012-09-09 19:51:44.254856507 +0200
-+++ nss-pam-ldapd-0.7.17/nslcd/common.c 2012-09-09 19:52:32.602252083 +0200
-@@ -148,19 +148,25 @@ int read_address(TFILE *fp,char *addr,in
- return 0;
+Always use a function that we know will catch out-of-range values for UIDs and
+GIDs, which are currently unsigned 32-bit numbers everywhere, and which won't
+produce a result that'll silently be truncated if we store the result in a
+uid_t or gid_t.
+--- nss-pam-ldapd/nslcd/common.c
++++ nss-pam-ldapd/nslcd/common.c
+@@ -273,19 +273,23 @@ long int binsid2id(const char *binsid)
+ ((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24);
}
-#ifdef WANT_STRTOUI
-+
- /* provide a strtoui() implementation, similar to strtoul() but returning
+-/* provide a strtoui() implementation, similar to strtoul() but returning
++/* provide a strtoid() implementation, similar to strtoul() but returning
an range-checked unsigned int instead */
-unsigned int strtoui(const char *nptr,char **endptr,int base)
-+uint32_t strtoid(const char *nptr,char **endptr,int base)
++unsigned int strtoid(const char *nptr,char **endptr,int base)
{
- unsigned long val;
- val=strtoul(nptr,endptr,base);
- if (val>UINT_MAX)
+ long long val;
-+
++ /* use the fact that long long is 64-bit, even on 32-bit systems */
+ val=strtoll(nptr,endptr,base);
+ if (val>UINT32_MAX)
{
@@ -24,24 +27,22 @@ diff -up nss-pam-ldapd-0.7.17/nslcd/common.c.overflow nss-pam-ldapd-0.7.17/nslcd
- return UINT_MAX;
+ return UINT32_MAX;
}
-- /* If errno was set by strtoull, we'll pass it back as-is */
+- /* If errno was set by strtoul, we'll pass it back as-is */
- return (unsigned int)val;
-+ else if (val<0)
++ else if (val < 0)
+ {
+ errno=EINVAL;
+ return UINT32_MAX;
+ }
-+
+ /* If errno was set, we'll pass it back as-is */
-+ return (uint32_t) val;
++ return (uint32_t)val;
}
-#endif /* WANT_STRTOUI */
-diff -up nss-pam-ldapd-0.7.17/nslcd/common.h.overflow nss-pam-ldapd-0.7.17/nslcd/common.h
---- nss-pam-ldapd-0.7.17/nslcd/common.h.overflow 2012-09-09 19:51:49.826786849 +0200
-+++ nss-pam-ldapd-0.7.17/nslcd/common.h 2012-09-09 19:52:53.669988699 +0200
-@@ -98,31 +98,9 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *
- /* transforms the uid into a DN by doing an LDAP lookup */
- MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen);
+--- nss-pam-ldapd/nslcd/common.h
++++ nss-pam-ldapd/nslcd/common.h
+@@ -139,31 +139,9 @@ int nsswitch_db_uses_ldap(const char *fi
+ #endif /* _POSIX_HOST_NAME_MAX */
+ #endif /* not HOST_NAME_MAX */
-/* provide strtouid() function alias */
-#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT
@@ -70,7 +71,7 @@ diff -up nss-pam-ldapd-0.7.17/nslcd/common.h.overflow nss-pam-ldapd-0.7.17/nslcd
-#endif
+uint32_t strtoid(const char *nptr,char **endptr,int base);
+#define strtouid (uid_t)strtoid
-+#define strtogid (uid_t)strtoid
++#define strtogid (gid_t)strtoid
#ifdef WANT_STRTOUI
/* provide a strtoui() if it is needed */
diff --git a/nss-pam-ldapd.spec b/nss-pam-ldapd.spec
index 34977c3..c873f9c 100644
--- a/nss-pam-ldapd.spec
+++ b/nss-pam-ldapd.spec
@@ -25,7 +25,7 @@ Source2: nslcd.init
Source3: nslcd.tmpfiles
Source4: nslcd.service
Patch1: nss-pam-ldapd-0.8.12-validname.patch
-Patch3: nss-pam-ldapd-0.7.x-uid-overflow.patch
+Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch
Patch4: nss-pam-ldapd-0.7.x-epipe.patch
Patch5: nss-pam-ldapd-0.7.16-skipall.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
More information about the scm-commits
mailing list