Author: truckman
Date: Fri May 20 06:19:00 2016
New Revision: 300268
URL: https://svnweb.freebsd.org/changeset/base/300268
Log:
MFC r290903, r299573
r290903 is needed to prevent a conflict whem merging r299573
r290903 | araujo | 2015-11-15 19:18:40 -0800 (Sun, 15 Nov 2015) | 5 lines
Don't need cast malloc.
r299573 | truckman | 2016-05-12 14:35:40 -0700 (Thu, 12 May 2016) | 10 lines
Use strlcpy() instead of strncpy() when copying to dom_domain to
ensure that the latter is NUL terminated since it is passed
as an argument to *printf().
Warn about NIS domains that are too long.
Reported by: Coverity
CID: 1009620, 1009621
Modified:
stable/10/usr.sbin/ypbind/ypbind.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/usr.sbin/ypbind/ypbind.c
==============================================================================
--- stable/10/usr.sbin/ypbind/ypbind.c Fri May 20 06:06:21 2016
(r300267)
+++ stable/10/usr.sbin/ypbind/ypbind.c Fri May 20 06:19:00 2016
(r300268)
@@ -199,14 +199,19 @@ rejecting.", *argp);
res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
return (&res);
}
- ypdb = (struct _dom_binding *)malloc(sizeof *ypdb);
+ if (strlen(*argp) > YPMAXDOMAIN) {
+ syslog(LOG_WARNING, "domain %s too long", *argp);
+ res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
+ return (&res);
+ }
+ ypdb = malloc(sizeof *ypdb);
if (ypdb == NULL) {
syslog(LOG_WARNING, "malloc: %m");
res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
return (&res);
}
bzero(ypdb, sizeof *ypdb);
- strncpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
+ strlcpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
ypdb->dom_vers = YPVERS;
ypdb->dom_alive = 0;
ypdb->dom_default = 0;
@@ -412,6 +417,9 @@ main(int argc, char *argv[])
errx(1, "unknown option: %s", argv[i]);
}
+ if (strlen(domain_name) > YPMAXDOMAIN)
+ warnx("truncating domain name %s", domain_name);
+
/* blow away everything in BINDINGDIR (if it exists) */
if ((dird = opendir(BINDINGDIR)) != NULL) {
@@ -448,11 +456,11 @@ main(int argc, char *argv[])
errx(1, "unable to register (YPBINDPROG, YPBINDVERS, tcp)");
/* build initial domain binding, make it "unsuccessful" */
- ypbindlist = (struct _dom_binding *)malloc(sizeof *ypbindlist);
+ ypbindlist = malloc(sizeof *ypbindlist);
if (ypbindlist == NULL)
errx(1, "malloc");
bzero(ypbindlist, sizeof *ypbindlist);
- strncpy(ypbindlist->dom_domain, domain_name, sizeof
ypbindlist->dom_domain);
+ strlcpy(ypbindlist->dom_domain, domain_name, sizeof
ypbindlist->dom_domain);
ypbindlist->dom_vers = YPVERS;
ypbindlist->dom_alive = 0;
ypbindlist->dom_lockfd = -1;
@@ -883,13 +891,17 @@ rpc_received(char *dom, struct sockaddr_
if (ypdb == NULL) {
if (force == 0)
return;
- ypdb = (struct _dom_binding *)malloc(sizeof *ypdb);
+ if (strlen(dom) > YPMAXDOMAIN) {
+ syslog(LOG_WARNING, "domain %s too long", dom);
+ return;
+ }
+ ypdb = malloc(sizeof *ypdb);
if (ypdb == NULL) {
syslog(LOG_WARNING, "malloc: %m");
return;
}
bzero(ypdb, sizeof *ypdb);
- strncpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
+ strlcpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
ypdb->dom_lockfd = -1;
ypdb->dom_default = 0;
ypdb->dom_pnext = ypbindlist;
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"
