diff options
author | Lennart Poettering <lennart@poettering.net> | 2019-01-18 20:13:55 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2019-02-08 10:34:47 +0100 |
commit | cdccd29f39cd20cb2a8b71e50445eb839f076331 (patch) | |
tree | 22361057d01ea2c1aae6246546b4d00fc28a7349 /src | |
parent | 840f606d88fef2f5d240b2d759ce7b951354d5bb (diff) | |
download | systemd-cdccd29f39cd20cb2a8b71e50445eb839f076331.tar.gz |
nss: unportect errno before writing to NSS' *errnop
Fixes: #11321
Diffstat (limited to 'src')
-rw-r--r-- | src/nss-myhostname/nss-myhostname.c | 13 | ||||
-rw-r--r-- | src/nss-mymachines/nss-mymachines.c | 13 | ||||
-rw-r--r-- | src/nss-resolve/nss-resolve.c | 8 | ||||
-rw-r--r-- | src/nss-systemd/nss-systemd.c | 10 |
4 files changed, 44 insertions, 0 deletions
diff --git a/src/nss-myhostname/nss-myhostname.c b/src/nss-myhostname/nss-myhostname.c index 5abc0c91bf..e491351dee 100644 --- a/src/nss-myhostname/nss-myhostname.c +++ b/src/nss-myhostname/nss-myhostname.c @@ -74,6 +74,7 @@ enum nss_status _nss_myhostname_gethostbyname4_r( } else { hn = gethostname_malloc(); if (!hn) { + UNPROTECT_ERRNO; *errnop = ENOMEM; *h_errnop = NO_RECOVERY; return NSS_STATUS_TRYAGAIN; @@ -96,6 +97,7 @@ enum nss_status _nss_myhostname_gethostbyname4_r( l = strlen(canonical); ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * (n_addresses > 0 ? n_addresses : 2); if (buflen < ms) { + UNPROTECT_ERRNO; *errnop = ERANGE; *h_errnop = NETDB_INTERNAL; return NSS_STATUS_TRYAGAIN; @@ -186,6 +188,8 @@ static enum nss_status fill_in_hostent( assert(errnop); assert(h_errnop); + PROTECT_ERRNO; + alen = FAMILY_ADDRESS_SIZE(af); for (a = addresses, n = 0, c = 0; n < n_addresses; a++, n++) @@ -202,6 +206,7 @@ static enum nss_status fill_in_hostent( (c > 0 ? c+1 : 2) * sizeof(char*); if (buflen < ms) { + UNPROTECT_ERRNO; *errnop = ERANGE; *h_errnop = NETDB_INTERNAL; return NSS_STATUS_TRYAGAIN; @@ -321,6 +326,7 @@ enum nss_status _nss_myhostname_gethostbyname3_r( af = AF_INET; if (!IN_SET(af, AF_INET, AF_INET6)) { + UNPROTECT_ERRNO; *errnop = EAFNOSUPPORT; *h_errnop = NO_DATA; return NSS_STATUS_UNAVAIL; @@ -343,6 +349,7 @@ enum nss_status _nss_myhostname_gethostbyname3_r( } else { hn = gethostname_malloc(); if (!hn) { + UNPROTECT_ERRNO; *errnop = ENOMEM; *h_errnop = NO_RECOVERY; return NSS_STATUS_TRYAGAIN; @@ -362,6 +369,8 @@ enum nss_status _nss_myhostname_gethostbyname3_r( local_address_ipv4 = LOCALADDRESS_IPV4; } + UNPROTECT_ERRNO; + return fill_in_hostent( canonical, additional, af, @@ -401,12 +410,14 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r( assert(h_errnop); if (!IN_SET(af, AF_INET, AF_INET6)) { + UNPROTECT_ERRNO; *errnop = EAFNOSUPPORT; *h_errnop = NO_DATA; return NSS_STATUS_UNAVAIL; } if (len != FAMILY_ADDRESS_SIZE(af)) { + UNPROTECT_ERRNO; *errnop = EINVAL; *h_errnop = NO_RECOVERY; return NSS_STATUS_UNAVAIL; @@ -461,6 +472,7 @@ found: if (!canonical || additional_from_hostname) { hn = gethostname_malloc(); if (!hn) { + UNPROTECT_ERRNO; *errnop = ENOMEM; *h_errnop = NO_RECOVERY; return NSS_STATUS_TRYAGAIN; @@ -472,6 +484,7 @@ found: additional = hn; } + UNPROTECT_ERRNO; return fill_in_hostent( canonical, additional, af, diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c index 3d1fc28353..486a658958 100644 --- a/src/nss-mymachines/nss-mymachines.c +++ b/src/nss-mymachines/nss-mymachines.c @@ -153,6 +153,7 @@ enum nss_status _nss_mymachines_gethostbyname4_r( l = strlen(name); ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * c; if (buflen < ms) { + UNPROTECT_ERRNO; *errnop = ERANGE; *h_errnop = NETDB_INTERNAL; return NSS_STATUS_TRYAGAIN; @@ -227,6 +228,7 @@ enum nss_status _nss_mymachines_gethostbyname4_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; *h_errnop = NO_DATA; return NSS_STATUS_UNAVAIL; @@ -313,6 +315,7 @@ enum nss_status _nss_mymachines_gethostbyname3_r( ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*); if (buflen < ms) { + UNPROTECT_ERRNO; *errnop = ERANGE; *h_errnop = NETDB_INTERNAL; return NSS_STATUS_TRYAGAIN; @@ -396,6 +399,7 @@ enum nss_status _nss_mymachines_gethostbyname3_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; *h_errnop = NO_DATA; return NSS_STATUS_UNAVAIL; @@ -484,6 +488,7 @@ enum nss_status _nss_mymachines_getpwnam_r( l = strlen(name); if (buflen < l+1) { + UNPROTECT_ERRNO; *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } @@ -501,6 +506,7 @@ enum nss_status _nss_mymachines_getpwnam_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; return NSS_STATUS_UNAVAIL; } @@ -564,6 +570,7 @@ enum nss_status _nss_mymachines_getpwuid_r( return NSS_STATUS_NOTFOUND; if (snprintf(buffer, buflen, "vu-%s-" UID_FMT, machine, (uid_t) mapped) >= (int) buflen) { + UNPROTECT_ERRNO; *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } @@ -579,6 +586,7 @@ enum nss_status _nss_mymachines_getpwuid_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; return NSS_STATUS_UNAVAIL; } @@ -662,6 +670,7 @@ enum nss_status _nss_mymachines_getgrnam_r( l = sizeof(char*) + strlen(name) + 1; if (buflen < l) { + UNPROTECT_ERRNO; *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } @@ -677,6 +686,7 @@ enum nss_status _nss_mymachines_getgrnam_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; return NSS_STATUS_UNAVAIL; } @@ -740,12 +750,14 @@ enum nss_status _nss_mymachines_getgrgid_r( return NSS_STATUS_NOTFOUND; if (buflen < sizeof(char*) + 1) { + UNPROTECT_ERRNO; *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } memzero(buffer, sizeof(char*)); if (snprintf(buffer + sizeof(char*), buflen - sizeof(char*), "vg-%s-" GID_FMT, machine, (gid_t) mapped) >= (int) buflen) { + UNPROTECT_ERRNO; *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } @@ -758,6 +770,7 @@ enum nss_status _nss_mymachines_getgrgid_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; return NSS_STATUS_UNAVAIL; } diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c index a28b5d8ba8..8370fed076 100644 --- a/src/nss-resolve/nss-resolve.c +++ b/src/nss-resolve/nss-resolve.c @@ -186,6 +186,7 @@ enum nss_status _nss_resolve_gethostbyname4_r( l = strlen(canonical); ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * c; if (buflen < ms) { + UNPROTECT_ERRNO; *errnop = ERANGE; *h_errnop = NETDB_INTERNAL; return NSS_STATUS_TRYAGAIN; @@ -267,6 +268,7 @@ enum nss_status _nss_resolve_gethostbyname4_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; *h_errnop = NO_RECOVERY; return ret; @@ -364,6 +366,7 @@ enum nss_status _nss_resolve_gethostbyname3_r( ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*); if (buflen < ms) { + UNPROTECT_ERRNO; *errnop = ERANGE; *h_errnop = NETDB_INTERNAL; return NSS_STATUS_TRYAGAIN; @@ -455,6 +458,7 @@ enum nss_status _nss_resolve_gethostbyname3_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; *h_errnop = NO_RECOVERY; return ret; @@ -492,12 +496,14 @@ enum nss_status _nss_resolve_gethostbyaddr2_r( assert(h_errnop); if (!IN_SET(af, AF_INET, AF_INET6)) { + UNPROTECT_ERRNO; *errnop = EAFNOSUPPORT; *h_errnop = NO_DATA; return NSS_STATUS_UNAVAIL; } if (len != FAMILY_ADDRESS_SIZE(af)) { + UNPROTECT_ERRNO; *errnop = EINVAL; *h_errnop = NO_RECOVERY; return NSS_STATUS_UNAVAIL; @@ -576,6 +582,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r( c * sizeof(char*); /* pointers to aliases, plus trailing NULL */ if (buflen < ms) { + UNPROTECT_ERRNO; *errnop = ERANGE; *h_errnop = NETDB_INTERNAL; return NSS_STATUS_TRYAGAIN; @@ -636,6 +643,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; *h_errnop = NO_RECOVERY; return ret; diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index f554828d49..f8db27ae27 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -210,6 +210,7 @@ enum nss_status _nss_systemd_getpwnam_r( l = strlen(name); if (buflen < l+1) { + UNPROTECT_ERRNO; *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } @@ -227,6 +228,7 @@ enum nss_status _nss_systemd_getpwnam_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; return NSS_STATUS_UNAVAIL; } @@ -310,6 +312,7 @@ enum nss_status _nss_systemd_getpwuid_r( l = strlen(translated) + 1; if (buflen < l) { + UNPROTECT_ERRNO; *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } @@ -327,6 +330,7 @@ enum nss_status _nss_systemd_getpwuid_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; return NSS_STATUS_UNAVAIL; } @@ -408,6 +412,7 @@ enum nss_status _nss_systemd_getgrnam_r( l = sizeof(char*) + strlen(name) + 1; if (buflen < l) { + UNPROTECT_ERRNO; *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } @@ -423,6 +428,7 @@ enum nss_status _nss_systemd_getgrnam_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; return NSS_STATUS_UNAVAIL; } @@ -506,6 +512,7 @@ enum nss_status _nss_systemd_getgrgid_r( l = sizeof(char*) + strlen(translated) + 1; if (buflen < l) { + UNPROTECT_ERRNO; *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } @@ -521,6 +528,7 @@ enum nss_status _nss_systemd_getgrgid_r( return NSS_STATUS_SUCCESS; fail: + UNPROTECT_ERRNO; *errnop = -r; return NSS_STATUS_UNAVAIL; } @@ -740,6 +748,7 @@ enum nss_status _nss_systemd_getpwent_r(struct passwd *result, char *buffer, siz LIST_FOREACH(entries, p, getpwent_data.position) { len = strlen(p->name) + 1; if (buflen < len) { + UNPROTECT_ERRNO; *errnop = ERANGE; ret = NSS_STATUS_TRYAGAIN; goto finalize; @@ -791,6 +800,7 @@ enum nss_status _nss_systemd_getgrent_r(struct group *result, char *buffer, size LIST_FOREACH(entries, p, getgrent_data.position) { len = sizeof(char*) + strlen(p->name) + 1; if (buflen < len) { + UNPROTECT_ERRNO; *errnop = ERANGE; ret = NSS_STATUS_TRYAGAIN; goto finalize; |