Commit 42ad8c2c authored by Martin Schwenke, committed by Karolin Seeger

util: Simplify input validation

It appears that snprintf(3) is being used for input validation.
However, this seems like overkill because it causes szPath to be
copied an extra time.  The most likely protections being sought
here, according to https://cwe.mitre.org/data/definitions/20.html,
look to be DoS attacks involving CPU and memory usage.  A simpler
check that uses strnlen(3) can mitigate against both of these and is
simpler.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 922bce26)
parent 79f5d886
......@@ -69,21 +69,20 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
struct passwd pwd = {0};
struct passwd *pwdbuf = NULL;
char buf[NSS_BUFLEN_PASSWD] = {0};
size_t len;
int rc;
rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
if (rc != 0 || pwdbuf == NULL ) {
int len_written;
const char *szPath = getenv("HOME");
if (szPath == NULL) {
return NULL;
}
len_written = snprintf(buf, sizeof(buf), "%s", szPath);
if (len_written >= sizeof(buf) || len_written < 0) {
/* Output was truncated or an error. */
len = strnlen(szPath, PATH_MAX);
if (len >= PATH_MAX) {
return NULL;
}
return talloc_strdup(mem_ctx, buf);
return talloc_strdup(mem_ctx, szPath);
}
return talloc_strdup(mem_ctx, pwd.pw_dir);
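Review bot: The accepted length of $HOME changes silently in this hunk and the commit message does not say so. The removed check rejected any value that did not fit in `buf`, i.e. `len_written >= sizeof(buf)` with `buf[NSS_BUFLEN_PASSWD]`, whereas the new `strnlen(szPath, PATH_MAX)` followed by `if (len >= PATH_MAX)` rejects only values of PATH_MAX bytes or longer; if NSS_BUFLEN_PASSWD and PATH_MAX differ on a platform, the fallback now accepts (or rejects) strings the old code did not. Either state in the commit message that PATH_MAX is the intended bound for a home directory path, or keep `sizeof(buf)` as the limit if parity with the getpwuid_r path is wanted. A smaller style point: `size_t len;` was hoisted to the top of the function while it is only used inside the `if (rc != 0 || pwdbuf == NULL)` block; the old `int len_written;` was scoped to that block, and keeping `len` there as well would preserve that narrower scope. Also worth confirming that the file already includes the header that defines PATH_MAX, since this hunk introduces the first use of it in this function.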
......