emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Prevent out of boundary access

Browse Source 
If lines start with '\0' then it is possible to trigger out of
boundary accesses.

Check if indices are valid before accessing them.

Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
This commit is contained in:
Samanta Navarro 2023-01-30 11:54:49 +00:00 committed by Serge Hallyn
parent ffc480c2e9
commit 8e0ad48c21
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/login_nopam.c
View File

@ -100,7 +100,7 @@ int login_access (const char *user, const char *from)
int end;
lineno++;
end = (int) strlen (line) - 1;
if (line[end] != '\n') {
if (line[0] == '\0' || line[end] != '\n') {
SYSLOG ((LOG_ERR,
"%s: line %d: missing newline or line too long",
TABLE, lineno));
@ -320,7 +320,7 @@ static bool from_match (const char *tok, const char *string)
if (strchr (string, '.') == NULL) {
return true;
}
} else if ( (tok[(tok_len = strlen (tok)) - 1] == '.') /* network */
} else if ( (tok[0] != '\0' && tok[(tok_len = strlen (tok)) - 1] == '.') /* network */
&& (strncmp (tok, resolve_hostname (string), tok_len) == 0)) {
return true;
}

3
src/suauth.c
View File

@ -68,8 +68,9 @@ int check_su_auth (const char *actual_id,
while (fgets (temp, sizeof (temp), authfile_fd) != NULL) {
lines++;
endline = strlen(temp) - 1;
if (temp[endline = strlen (temp) - 1] != '\n') {
if (temp[0] == '\0' || temp[endline] != '\n') {
SYSLOG ((LOG_ERR,
"%s, line %d: line too long or missing newline",
SUAUTHFILE, lines));