[nss-pam-ldapd] Update to 0.8.12, part 3

Nalin Dahyabhai nalin at fedoraproject.org
Fri Jan 18 20:30:07 UTC 2013 

commit 93520225bb3be172e49673492078cb2ffe4178d0
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Thu Jan 17 18:10:45 2013 -0500

    Update to 0.8.12, part 3
    
    Forward-port our local patch to catch out-of-range UID and GID values
    when we read them.

 ...atch => nss-pam-ldapd-0.8.12-uid-overflow.patch |   41 ++++++++++----------
 nss-pam-ldapd.spec                                 |    2 +-
 2 files changed, 22 insertions(+), 21 deletions(-)
---
diff --git a/nss-pam-ldapd-0.7.x-uid-overflow.patch b/nss-pam-ldapd-0.8.12-uid-overflow.patch
similarity index 58%
rename from nss-pam-ldapd-0.7.x-uid-overflow.patch
rename to nss-pam-ldapd-0.8.12-uid-overflow.patch
index 441802f..815e82d 100644
--- a/nss-pam-ldapd-0.7.x-uid-overflow.patch
+++ b/nss-pam-ldapd-0.8.12-uid-overflow.patch
@@ -1,22 +1,25 @@
-diff -up nss-pam-ldapd-0.7.17/nslcd/common.c.overflow nss-pam-ldapd-0.7.17/nslcd/common.c
---- nss-pam-ldapd-0.7.17/nslcd/common.c.overflow	2012-09-09 19:51:44.254856507 +0200
-+++ nss-pam-ldapd-0.7.17/nslcd/common.c	2012-09-09 19:52:32.602252083 +0200
-@@ -148,19 +148,25 @@ int read_address(TFILE *fp,char *addr,in
-   return 0;
+Always use a function that we know will catch out-of-range values for UIDs and
+GIDs, which are currently unsigned 32-bit numbers everywhere, and which won't
+produce a result that'll silently be truncated if we store the result in a
+uid_t or gid_t.
+--- nss-pam-ldapd/nslcd/common.c
++++ nss-pam-ldapd/nslcd/common.c
+@@ -273,19 +273,23 @@ long int binsid2id(const char *binsid)
+          ((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24);
  }
  
 -#ifdef WANT_STRTOUI
-+
- /* provide a strtoui() implementation, similar to strtoul() but returning
+-/* provide a strtoui() implementation, similar to strtoul() but returning
++/* provide a strtoid() implementation, similar to strtoul() but returning
     an range-checked unsigned int instead */
 -unsigned int strtoui(const char *nptr,char **endptr,int base)
-+uint32_t strtoid(const char *nptr,char **endptr,int base)
++unsigned int strtoid(const char *nptr,char **endptr,int base)
  {
 -  unsigned long val;
 -  val=strtoul(nptr,endptr,base);
 -  if (val>UINT_MAX)
 +  long long val;
-+
++  /* use the fact that long long is 64-bit, even on 32-bit systems */
 +  val=strtoll(nptr,endptr,base);
 +  if (val>UINT32_MAX)
    {
@@ -24,24 +27,22 @@ diff -up nss-pam-ldapd-0.7.17/nslcd/common.c.overflow nss-pam-ldapd-0.7.17/nslcd
 -    return UINT_MAX;
 +    return UINT32_MAX;
    }
--  /* If errno was set by strtoull, we'll pass it back as-is */
+-  /* If errno was set by strtoul, we'll pass it back as-is */
 -  return (unsigned int)val;
-+  else if (val<0)
++  else if (val < 0)
 +  {
 +    errno=EINVAL;
 +    return UINT32_MAX;
 +  }
-+
 +  /* If errno was set, we'll pass it back as-is */
-+  return (uint32_t) val;
++  return (uint32_t)val;
  }
 -#endif /* WANT_STRTOUI */
-diff -up nss-pam-ldapd-0.7.17/nslcd/common.h.overflow nss-pam-ldapd-0.7.17/nslcd/common.h
---- nss-pam-ldapd-0.7.17/nslcd/common.h.overflow	2012-09-09 19:51:49.826786849 +0200
-+++ nss-pam-ldapd-0.7.17/nslcd/common.h	2012-09-09 19:52:53.669988699 +0200
-@@ -98,31 +98,9 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *
- /* transforms the uid into a DN by doing an LDAP lookup */
- MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen);
+--- nss-pam-ldapd/nslcd/common.h
++++ nss-pam-ldapd/nslcd/common.h
+@@ -139,31 +139,9 @@ int nsswitch_db_uses_ldap(const char *fi
+ #endif /* _POSIX_HOST_NAME_MAX */
+ #endif /* not HOST_NAME_MAX */
  
 -/* provide strtouid() function alias */
 -#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT
@@ -70,7 +71,7 @@ diff -up nss-pam-ldapd-0.7.17/nslcd/common.h.overflow nss-pam-ldapd-0.7.17/nslcd
 -#endif
 +uint32_t strtoid(const char *nptr,char **endptr,int base);
 +#define strtouid (uid_t)strtoid
-+#define strtogid (uid_t)strtoid
++#define strtogid (gid_t)strtoid
  
  #ifdef WANT_STRTOUI
  /* provide a strtoui() if it is needed */
diff --git a/nss-pam-ldapd.spec b/nss-pam-ldapd.spec
index 34977c3..c873f9c 100644
--- a/nss-pam-ldapd.spec
+++ b/nss-pam-ldapd.spec
@@ -25,7 +25,7 @@ Source2:	nslcd.init
 Source3:	nslcd.tmpfiles
 Source4:	nslcd.service
 Patch1:		nss-pam-ldapd-0.8.12-validname.patch
-Patch3:		nss-pam-ldapd-0.7.x-uid-overflow.patch
+Patch3:		nss-pam-ldapd-0.8.12-uid-overflow.patch
 Patch4:		nss-pam-ldapd-0.7.x-epipe.patch
 Patch5:		nss-pam-ldapd-0.7.16-skipall.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

More information about the scm-commits mailing list