Projects
Mega:23.03
systemd
_service:tar_scm:backport-nss-systemd-pack-pw_p...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch of Package systemd
From 84313bc5a262e87f49d176db169e1562d7060b33 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro <mcatanzaro@redhat.com> Date: Wed, 8 Sep 2021 13:42:16 -0500 Subject: [PATCH] nss-systemd: pack pw_passwd result into supplied buffer getpwnam_r() guarantees that the strings in the struct passwd that it returns are pointers into the buffer allocated by the application and passed to getpwnam_r(). This means applications may choose to modify the strings in place, as long as the length of the strings is not increased. So it's wrong for us to return a static string here, we really do have to copy it into the application-provided buffer like we do for all the other strings. This is only a theoretical problem since it would be very weird for an application to modify the pw_passwd field, but I spotted this when investigating a similar crash caused by glib editing a different field. See also: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 (cherry picked from commit 92b264676ccd79c89da270aabc1ec466fa18cd0d) Conflict:NA Reference:https://github.com/systemd/systemd/commit/84313bc5a262e87f49d176db169e1562d7060b33 --- src/nss-systemd/userdb-glue.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c index a55790f641..c865ff0d82 100644 --- a/src/nss-systemd/userdb-glue.c +++ b/src/nss-systemd/userdb-glue.c @@ -35,6 +35,8 @@ int nss_pack_user_record( assert(hr->user_name); required = strlen(hr->user_name) + 1; + required += 2; /* strlen(PASSWORD_SEE_SHADOW) + 1 */ + assert_se(rn = user_record_real_name(hr)); required += strlen(rn) + 1; @@ -51,12 +53,12 @@ int nss_pack_user_record( .pw_name = buffer, .pw_uid = hr->uid, .pw_gid = user_record_gid(hr), - .pw_passwd = (char*) PASSWORD_SEE_SHADOW, }; assert(buffer); - pwd->pw_gecos = stpcpy(pwd->pw_name, hr->user_name) + 1; + pwd->pw_passwd = stpcpy(pwd->pw_name, hr->user_name) + 1; + pwd->pw_gecos = stpcpy(pwd->pw_passwd, PASSWORD_SEE_SHADOW) + 1; pwd->pw_dir = stpcpy(pwd->pw_gecos, rn) + 1; pwd->pw_shell = stpcpy(pwd->pw_dir, hd) + 1; strcpy(pwd->pw_shell, shell); -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2