Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 2 May 2013 12:52:49 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r250177 - head/kerberos5/lib/libgssapi_krb5
Message-ID:  <201305021252.r42CqnjQ047958@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rmacklem
Date: Thu May  2 12:52:49 2013
New Revision: 250177
URL: http://svnweb.freebsd.org/changeset/base/250177

Log:
  Fix the getpwnam_r() call in the pname_to_uid() kerberos library function so
  that it handles the ERANGE error return case. Without this fix, authentication
  of users for certain system setups could fail unexpectedly.
  
  Reported by:	Elias Martenson (lokedhs@gmail.com)
  Tested by:	Elias Martenson (earlier version)
  MFC after:	2 weeks

Modified:
  head/kerberos5/lib/libgssapi_krb5/pname_to_uid.c

Modified: head/kerberos5/lib/libgssapi_krb5/pname_to_uid.c
==============================================================================
--- head/kerberos5/lib/libgssapi_krb5/pname_to_uid.c	Thu May  2 12:43:56 2013	(r250176)
+++ head/kerberos5/lib/libgssapi_krb5/pname_to_uid.c	Thu May  2 12:52:49 2013	(r250177)
@@ -26,6 +26,7 @@
  */
 /* $FreeBSD$ */
 
+#include <errno.h>
 #include <pwd.h>
 
 #include "krb5/gsskrb5_locl.h"
@@ -37,8 +38,12 @@ _gsskrb5_pname_to_uid(OM_uint32 *minor_s
 	krb5_context context;
 	krb5_const_principal name = (krb5_const_principal) pname;
 	krb5_error_code kret;
-	char lname[MAXLOGNAME + 1], buf[128];
+	char lname[MAXLOGNAME + 1], buf[1024], *bufp;
 	struct passwd pwd, *pw;
+	size_t buflen;
+	int error;
+	OM_uint32 ret;
+	static size_t buflen_hint = 1024;
 
 	GSSAPI_KRB5_INIT (&context);
 
@@ -49,11 +54,30 @@ _gsskrb5_pname_to_uid(OM_uint32 *minor_s
 	}
 
 	*minor_status = 0;
-	getpwnam_r(lname, &pwd, buf, sizeof(buf), &pw);
+	buflen = buflen_hint;
+	for (;;) {
+		pw = NULL;
+		bufp = buf;
+		if (buflen > sizeof(buf))
+			bufp = malloc(buflen);
+		if (bufp == NULL)
+			break;
+		error = getpwnam_r(lname, &pwd, bufp, buflen, &pw);
+		if (error != ERANGE)
+			break;
+		if (buflen > sizeof(buf))
+			free(bufp);
+		buflen += 1024;
+		if (buflen > buflen_hint)
+			buflen_hint = buflen;
+	}
 	if (pw) {
 		*uidp = pw->pw_uid;
-		return (GSS_S_COMPLETE);
+		ret = GSS_S_COMPLETE;
 	} else {
-		return (GSS_S_FAILURE);
+		ret = GSS_S_FAILURE;
 	}
+	if (bufp != NULL && buflen > sizeof(buf))
+		free(bufp);
+	return (ret);
 }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305021252.r42CqnjQ047958>