FreeBSD Mail Archives

Date:      Fri, 20 May 2016 06:19:00 +0000 (UTC)
From:      Don Lewis <truckman@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r300268 - stable/10/usr.sbin/ypbind
Message-ID:  <201605200619.u4K6J0lW078587@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: truckman
Date: Fri May 20 06:19:00 2016
New Revision: 300268
URL: https://svnweb.freebsd.org/changeset/base/300268

Log:
  MFC r290903, r299573
  
  r290903 is needed to prevent a conflict whem merging r299573
  
  r290903 | araujo | 2015-11-15 19:18:40 -0800 (Sun, 15 Nov 2015) | 5 lines
  
  Don't need cast malloc.
  
  r299573 | truckman | 2016-05-12 14:35:40 -0700 (Thu, 12 May 2016) | 10 lines
  
  Use strlcpy() instead of strncpy() when copying to dom_domain to
  ensure that the latter is NUL terminated since it is passed
  as an argument to *printf().
  
  Warn about NIS domains that are too long.
  
  Reported by:	Coverity
  CID:		1009620, 1009621

Modified:
  stable/10/usr.sbin/ypbind/ypbind.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/ypbind/ypbind.c
==============================================================================
--- stable/10/usr.sbin/ypbind/ypbind.c	Fri May 20 06:06:21 2016	(r300267)
+++ stable/10/usr.sbin/ypbind/ypbind.c	Fri May 20 06:19:00 2016	(r300268)
@@ -199,14 +199,19 @@ rejecting.", *argp);
 			res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
 			return (&res);
 		}
-		ypdb = (struct _dom_binding *)malloc(sizeof *ypdb);
+		if (strlen(*argp) > YPMAXDOMAIN) {
+			syslog(LOG_WARNING, "domain %s too long", *argp);
+			res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
+			return (&res);
+		}
+		ypdb = malloc(sizeof *ypdb);
 		if (ypdb == NULL) {
 			syslog(LOG_WARNING, "malloc: %m");
 			res.ypbind_resp_u.ypbind_error = YPBIND_ERR_RESC;
 			return (&res);
 		}
 		bzero(ypdb, sizeof *ypdb);
-		strncpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
+		strlcpy(ypdb->dom_domain, *argp, sizeof ypdb->dom_domain);
 		ypdb->dom_vers = YPVERS;
 		ypdb->dom_alive = 0;
 		ypdb->dom_default = 0;
@@ -412,6 +417,9 @@ main(int argc, char *argv[])
 			errx(1, "unknown option: %s", argv[i]);
 	}
 
+	if (strlen(domain_name) > YPMAXDOMAIN)
+		warnx("truncating domain name %s", domain_name);
+
 	/* blow away everything in BINDINGDIR (if it exists) */
 
 	if ((dird = opendir(BINDINGDIR)) != NULL) {
@@ -448,11 +456,11 @@ main(int argc, char *argv[])
 		errx(1, "unable to register (YPBINDPROG, YPBINDVERS, tcp)");
 
 	/* build initial domain binding, make it "unsuccessful" */
-	ypbindlist = (struct _dom_binding *)malloc(sizeof *ypbindlist);
+	ypbindlist = malloc(sizeof *ypbindlist);
 	if (ypbindlist == NULL)
 		errx(1, "malloc");
 	bzero(ypbindlist, sizeof *ypbindlist);
-	strncpy(ypbindlist->dom_domain, domain_name, sizeof ypbindlist->dom_domain);
+	strlcpy(ypbindlist->dom_domain, domain_name, sizeof ypbindlist->dom_domain);
 	ypbindlist->dom_vers = YPVERS;
 	ypbindlist->dom_alive = 0;
 	ypbindlist->dom_lockfd = -1;
@@ -883,13 +891,17 @@ rpc_received(char *dom, struct sockaddr_
 	if (ypdb == NULL) {
 		if (force == 0)
 			return;
-		ypdb = (struct _dom_binding *)malloc(sizeof *ypdb);
+		if (strlen(dom) > YPMAXDOMAIN) {
+			syslog(LOG_WARNING, "domain %s too long", dom);
+			return;
+		}
+		ypdb = malloc(sizeof *ypdb);
 		if (ypdb == NULL) {
 			syslog(LOG_WARNING, "malloc: %m");
 			return;
 		}
 		bzero(ypdb, sizeof *ypdb);
-		strncpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
+		strlcpy(ypdb->dom_domain, dom, sizeof ypdb->dom_domain);
 		ypdb->dom_lockfd = -1;
 		ypdb->dom_default = 0;
 		ypdb->dom_pnext = ypbindlist;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605200619.u4K6J0lW078587>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation