Learn more about these different git repos.
Other Git URLs
We aren't properly checking the length and null-termination of the strings passed to us from glibc. We need to do the following:
Define a new macro, {{{SSS_NAME_LENGTH}}} and set it to equal {{{LOGIN_NAME_MAX}}} from limits.h on platforms that have it, otherwise set it explicitly to 256.
If the names are too long, we should simply return an error, rather than passing the overlong name through the socket to SSSD.
There is no security exposure here, as the receiving daemon properly terminates everything. It can cause a wasteful amount of memory use, however. So it's a bug that should be fixed.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.7.91 (1.8.0 beta 1)
rhbz: => 0
owner: somebody => sgallagh
Fixed in master: 22c7230
resolution: => fixed status: new => closed
Metadata Update from @sgallagh: - Issue assigned to sgallagh - Issue set to the milestone: SSSD 1.8 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2177
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.