author | Arthur de Jong <arthur@arthurdejong.org> | 2012-05-20 21:53:56 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2012-05-20 21:53:56 +0200 |
commit | 2162182c3ec6e0b31ea88f4ec4843ed986ea9b7a (patch) | |
tree | d1d59aefedd79828bed75030f604bd39db0527dc | |
parent | c23fb324eae950a912d39a0bb1287efa9b444329 (diff) |
implement extra range checking of all numeric values
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1694 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | nslcd/cfg.c | 4 | ||||
-rw-r--r-- | nslcd/common.c | 4 | ||||
-rw-r--r-- | nslcd/group.c | 6 | ||||
-rw-r--r-- | nslcd/passwd.c | 14 | ||||
-rw-r--r-- | nslcd/protocol.c | 12 | ||||
-rw-r--r-- | nslcd/rpc.c | 11 | ||||
-rw-r--r-- | nslcd/service.c | 12 | ||||
-rw-r--r-- | nslcd/shadow.c | 8 |
8 files changed, 38 insertions, 33 deletions
diff --git a/nslcd/cfg.c b/nslcd/cfg.c index 0811954..4e828a1 100644 --- a/nslcd/cfg.c +++ b/nslcd/cfg.c @@ -450,7 +450,7 @@ static void get_uid(const char *filename,int lnr, /* check if it is a valid numerical uid */ errno=0; *var=strtouid(token,&tmp,10); - if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)) + if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)&&(strchr(token,'-')==NULL)) return; /* find by name */ pwent=getpwnam(token); @@ -476,7 +476,7 @@ static void get_gid(const char *filename,int lnr, /* check if it is a valid numerical gid */ errno=0; *var=strtogid(token,&tmp,10); - if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)) + if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)&&(strchr(token,'-')==NULL)) return; /* find by name */ grent=getgrnam(token); diff --git a/nslcd/common.c b/nslcd/common.c index 829f042..ec20693 100644 --- a/nslcd/common.c +++ b/nslcd/common.c @@ -3,7 +3,7 @@ This file is part of the nss-pam-ldapd library. Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -285,7 +285,7 @@ unsigned int strtoui(const char *nptr,char **endptr,int base) errno=ERANGE; return UINT_MAX; } - /* If errno was set by strtoull, we'll pass it back as-is */ + /* If errno was set by strtoul, we'll pass it back as-is */ return (unsigned int)val; } #endif /* WANT_STRTOUI */ diff --git a/nslcd/group.c b/nslcd/group.c index abe5e38..2ac225b 100644 --- a/nslcd/group.c +++ b/nslcd/group.c @@ -5,7 +5,7 @@ Copyright (C) 1997-2006 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
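Review bot: The new `strchr(token,'-')==NULL` test in get_uid, and identically in get_gid, carries no comment saying why a minus sign is rejected, and the same idiom is repeated in write_group, entry_has_valid_uid and write_passwd later in this commit. The reason is presumably that strtoul-style parsers accept a leading '-' and return the negated value as a large unsigned number without setting errno, so "-1" would otherwise be taken as the all-ones id. A comment above the condition such as `/* strtouid() accepts a leading '-' and wraps the value, so reject it explicitly */` would record that. Moving the check into the conversion helpers in common.c would keep the five call sites from drifting apart. Both functions continue outside their hunks.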
@@ -288,9 +288,9 @@ static int write_group(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname, myldap_get_dn(entry),attmap_group_gidNumber); return 0; } - else if (errno!=0) + else if ((errno!=0)||(strchr(gidvalues[numgids],'-')!=NULL)) { - log_log(LOG_WARNING,"%s: %s: too large", + log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_group_gidNumber); return 0; } diff --git a/nslcd/passwd.c b/nslcd/passwd.c index a6d0d5b..c4a755e 100644 --- a/nslcd/passwd.c +++ b/nslcd/passwd.c @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -202,9 +202,9 @@ static int entry_has_valid_uid(MYLDAP_ENTRY *entry) myldap_get_dn(entry),attmap_passwd_uidNumber); continue; } - else if (errno!=0) + else if ((errno!=0)||(strchr(values[i],'-')!=NULL)) { - log_log(LOG_WARNING,"%s: %s: too large", + log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_passwd_uidNumber); continue; } @@ -500,9 +500,9 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, myldap_get_dn(entry),attmap_passwd_uidNumber); return 0; } - else if (errno!=0) + else if ((errno!=0)||(strchr(tmpvalues[numuids],'-')!=NULL)) { - log_log(LOG_WARNING,"%s: %s: too large", + log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_passwd_uidNumber); return 0; } @@ -538,9 +538,9 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, myldap_get_dn(entry),attmap_passwd_gidNumber); return 0; } - else if (errno!=0) + else if ((errno!=0)||(strchr(gidbuf,'-')!=NULL)) { - log_log(LOG_WARNING,"%s: %s: too large", + log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_passwd_gidNumber); return 0; } 
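Review bot: Rejecting '-' in the uidNumber and gidNumber checks of write_group, entry_has_valid_uid and write_passwd still admits the other prefixes a strtoul-style parser accepts, namely leading whitespace and a leading '+', because those also finish with `*tmp=='\0'` and errno unset (assuming strtouid and strtogid map to such parsers). These values come from directory entries, so if only plain decimal digits are meant to be valid, a first-character test such as `(!isdigit((unsigned char)values[i][0]))` in place of `(strchr(values[i],'-')!=NULL)` covers the minus sign as well. That needs `<ctype.h>`, which is not visible in these hunks. Each of these functions starts and ends outside its hunk.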
diff --git a/nslcd/protocol.c b/nslcd/protocol.c index 20b741c..9536a8e 100644 --- a/nslcd/protocol.c +++ b/nslcd/protocol.c @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -28,6 +28,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <stdint.h> #include "common.h" #include "log.h" @@ -107,7 +108,7 @@ static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) const char **aliases; const char **protos; char *tmp; - int proto; + long proto; int i; /* get the most canonical name */ name=myldap_get_rdn_value(entry,attmap_protocol_cn); @@ -144,16 +145,16 @@ static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); } errno=0; - proto=(int)strtol(protos[0],&tmp,10); + proto=strtol(protos[0],&tmp,10); if ((*(protos[0])=='\0')||(*tmp!='\0')) { log_log(LOG_WARNING,"%s: %s: non-numeric", myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); return 0; } - else if (errno!=0) + else if ((errno!=0)||(proto<0)||(proto>UINT8_MAX)) { - log_log(LOG_WARNING,"%s: %s: too large", + log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); return 0; } @@ -161,6 +162,7 @@ static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,name); WRITE_STRINGLIST_EXCEPT(fp,aliases,name); + /* proto number is actually an 8-bit value but we write 32 bits anyway */ WRITE_INT32(fp,proto); return 0; } diff --git a/nslcd/rpc.c b/nslcd/rpc.c index e8691c6..3456612 100644 --- a/nslcd/rpc.c +++ b/nslcd/rpc.c 
@@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -28,6 +28,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <stdint.h> #include "common.h" #include "log.h" @@ -108,7 +109,7 @@ static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) const char **aliases; const char **numbers; char *tmp; - int number; + long number; int i; /* get the most canonical name */ name=myldap_get_rdn_value(entry,attmap_rpc_cn); @@ -145,16 +146,16 @@ static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) myldap_get_dn(entry),attmap_rpc_oncRpcNumber); } errno=0; - number=(int)strtol(numbers[0],&tmp,10); + number=strtol(numbers[0],&tmp,10); if ((*(numbers[0])=='\0')||(*tmp!='\0')) { log_log(LOG_WARNING,"%s: %s: non-numeric", myldap_get_dn(entry),attmap_rpc_oncRpcNumber); return 0; } - else if (errno!=0) + else if ((errno!=0)||(number>UINT32_MAX)) { - log_log(LOG_WARNING,"%s: %s: too large", + log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_rpc_oncRpcNumber); return 0; } diff --git a/nslcd/service.c b/nslcd/service.c index 16133da..5bc123a 100644 --- a/nslcd/service.c +++ b/nslcd/service.c @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -28,6 +28,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <stdint.h> #include "common.h" #include "log.h" 
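Review bot: The range test added in write_rpc, `(errno!=0)||(number>UINT32_MAX)`, has no lower bound, so a negative oncRpcNumber such as "-1" parses without error and is accepted, whereas write_protocol and write_service in this commit check `proto<0` and `port<=0`. Where long is 32 bits the upper comparison can never be true, and values above LONG_MAX are already rejected through ERANGE, so the accepted range differs by platform. Adding the lower bound, `else if ((errno!=0)||(number<0)||(number>UINT32_MAX))`, closes the first gap, and parsing with strtoul plus a minus-sign check would address the second. The code that writes `number` is outside the hunk.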
@@ -136,7 +137,7 @@ static int write_service(TFILE *fp,MYLDAP_ENTRY *entry, const char **ports; const char **protocols; char *tmp; - int port; + long port; int i; /* get the most canonical name */ name=myldap_get_rdn_value(entry,attmap_service_cn); @@ -173,16 +174,16 @@ static int write_service(TFILE *fp,MYLDAP_ENTRY *entry, myldap_get_dn(entry),attmap_service_ipServicePort); } errno=0; - port=(int)strtol(ports[0],&tmp,10); + port=strtol(ports[0],&tmp,10); if ((*(ports[0])=='\0')||(*tmp!='\0')) { log_log(LOG_WARNING,"%s: %s: non-numeric value", myldap_get_dn(entry),attmap_service_ipServicePort); return 0; } - else if (errno!=0) + else if ((errno!=0)||(port<=0)||(port>UINT16_MAX)) { - log_log(LOG_WARNING,"%s: %s: too large", + log_log(LOG_WARNING,"%s: %s: out of range", myldap_get_dn(entry),attmap_service_ipServicePort); return 0; } @@ -201,6 +202,7 @@ static int write_service(TFILE *fp,MYLDAP_ENTRY *entry, WRITE_INT32(fp,NSLCD_RESULT_BEGIN); WRITE_STRING(fp,name); WRITE_STRINGLIST_EXCEPT(fp,aliases,name); + /* port number is actually a 16-bit value but we write 32 bits anyway */ WRITE_INT32(fp,port); WRITE_STRING(fp,protocols[i]); } diff --git a/nslcd/shadow.c b/nslcd/shadow.c index d6a5a7e..02b6de3 100644 --- a/nslcd/shadow.c +++ b/nslcd/shadow.c @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -138,7 +138,7 @@ static long to_date(const char *dn,const char *date,const char *attr) } else if (errno!=0) { - log_log(LOG_WARNING,"%s: %s: too large",dn,attr); + log_log(LOG_WARNING,"%s: %s: out of range",dn,attr); return -1; } return value/864-134774; 
@@ -154,7 +154,7 @@ static long to_date(const char *dn,const char *date,const char *attr)
 }
 else if (errno!=0)
 {
- log_log(LOG_WARNING,"%s: %s: too large",dn,attr);
+ log_log(LOG_WARNING,"%s: %s: out of range",dn,attr);
 return -1;
 }
 return value;
@@ -178,7 +178,7 @@ static long to_date(const char *dn,const char *date,const char *attr)
 } \
 else if (errno!=0) \
 { \
- log_log(LOG_WARNING,"%s: %s: too large", \
+ log_log(LOG_WARNING,"%s: %s: out of range", \
 myldap_get_dn(entry),attmap_shadow_##att); \
 var=fallback; \
 } |