SSSD / sssd

Clone

c86904b NSS: Don't use printf(3) on user provided strings.

6 files Authored by stefw 10 years ago, Committed by jhrozek 10 years ago,
raw patch tree parent
6 files changed. 97 lines added. 209 lines removed.
src/responder/nss/nsssrv_cmd.c
file modified
+45 -87
src/tests/cmocka/test_fqnames.c
file modified
+0 -21
src/tests/cmocka/test_nss_srv.c
file modified
+10 -11
src/tests/cmocka/test_utils.c
file modified
+2 -4
src/util/usertools.c
file modified
+37 -77
src/util/util.h
file modified
+3 -9 
    NSS: Don't use printf(3) on user provided strings.
    
    This also fixes several corner cases and crashers.
    
    It's not prudent to pass user input to (even admin) input as a
    format string to printf, and various distros now check for this.
    This can cause accessing memory incorrectly, and various also
    various libc abort()'s.
    
    In addition various assumptions were made about full_name_format
    that aren't necessarily the case if the user uses a more complex
    format.
    
    Use safe-printf.c implementation for formatting full_name_format.
    
    Adapt the NSS resolver so it doesn't barf on formatted strings that
    are shorter than expected given a full_name_format.
    
    Tests added and updated appropriately.
file modified
+45 -87
file modified
+0 -21
file modified
+10 -11
file modified
+2 -4
file modified
+37 -77
file modified
+3 -9
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.