ahill/shadow
1
0
Fork 0
mirror of https://github.com/shadow-maint/shadow.git synced 2026-01-28 23:04:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
shadow/lib
History
Samanta Navarro 1c6a1206bd
lib/sgetgrent.c: fix null pointer dereference 
If reallocation fails in function list, then reset the size to 0 again.
Without the reset, the next call assumes that `members` points to
a memory location with reserved space.

Also use size_t instead of int for size to prevent signed integer
overflows. The length of group lines is not limited.

Fixes 45c0003e53ab671c63dcd530fd9f3245d3b29e76 (4.14 release series)

Proof of Concept:

-  Prepare a group file (one long group line and a shorter one, both with a list of users)

	$ echo -n "root0:" > /tmp/uwu
	$ yes , | tr -d '\n' | dd of=/tmp/uwu bs=10 count=3145728 seek=1 conv=notrunc iflag=fullblock
	$ echo -e "\nbin1:," >> /tmp/uwu

-  Run grpck with tight memory constraints

	$ ulimit -d 102400
	$ grpck /tmp/uwu
	Segmentation fault (core dumped)

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
Cherry-picked-from: a9e07c0feb43 ("lib/sgetgrent.c: fix null pointer dereference")
Link: <https://github.com/shadow-maint/shadow/pull/904>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-16 00:00:43 +01:00
..
.indent.pro
[svn-upgrade] Integrating new upstream version, shadow (4.0.8)
2007-10-07 11:46:07 +00:00
addgrps.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
age.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
agetpass.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
alloc.c
lib, libmisc: Move source files to lib (where their headers were)
2023-09-10 14:12:54 +02:00
alloc.h
Simplify allocation APIs
2023-06-08 09:05:39 -05:00
audit_help.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
basename.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
bit.c
lib, libmisc: Move source files to lib (where their headers were)
2023-09-10 14:12:54 +02:00
bit.h
lib: bit_ceil_wrapul(): stop recursion
2023-02-24 12:44:14 -06:00
btrfs.c
lib/btrfs: avoid NULL-dereference
2023-10-30 00:00:15 +01:00
chkname.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
chkname.h
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
chowndir.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
chowntty.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
cleanup_group.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
cleanup_user.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
cleanup.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
commonio.c
Add wrapper for write(2)
2023-08-04 17:15:42 -05:00
commonio.h
changing lock mechanism
2022-12-29 13:58:49 -06:00
console.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
copydir.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
csrand.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
date_to_str.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
defines.h
lib: replace USER_NAME_MAX_LENGTH macro
2023-08-02 10:13:28 -05:00
encrypt.c
Merge pull request #451 from hallyn/2021-12-05/license
2022-01-02 18:38:42 -06:00
entry.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
env.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
exitcodes.h
Update licensing info
2021-12-23 19:36:50 -06:00
faillog.h
Update licensing info
2021-12-23 19:36:50 -06:00
failure.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
failure.h
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
fields.c
Overhaul valid_field()
2023-03-31 09:53:40 -05:00
find_new_gid.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
find_new_sub_gids.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
find_new_sub_uids.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
find_new_uid.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
fputsx.c
Update licensing info
2021-12-23 19:36:50 -06:00
freezero.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
freezero.h
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
get_gid.c
Remove superfluous casts
2023-02-09 10:03:03 -06:00
get_pid.c
get_pid.c: Use tighter validation checks
2023-05-15 09:21:16 +02:00
get_uid.c
Remove superfluous casts
2023-02-09 10:03:03 -06:00
getdate.h
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
getdate.y
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
getdef.c
Simplify allocation APIs
2023-06-08 09:05:39 -05:00
getdef.h
Update licensing info
2021-12-23 19:36:50 -06:00
getgr_nam_gid.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
getlong.c
Update licensing info
2021-12-23 19:36:50 -06:00
getrange.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
gettime.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
getulong.c
Update licensing info
2021-12-23 19:36:50 -06:00
groupio.c
Simplify allocation APIs
2023-06-08 09:05:39 -05:00
groupio.h
Update licensing info
2021-12-23 19:36:50 -06:00
groupmem.c
Simplify allocation APIs
2023-06-08 09:05:39 -05:00
gshadow_.h
Update licensing info
2021-12-23 19:36:50 -06:00
gshadow.c
Simplify allocation APIs
2023-06-08 09:05:39 -05:00
hushed.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
idmapping.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
idmapping.h
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
isexpired.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
limits.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
list.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
lockpw.c
Don't redefine errno(3)
2022-12-22 11:43:29 +01:00
log.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
logind.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
loginprompt.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
mail.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
Makefile.am
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
mempcpy.c
lib, libmisc: Move source files to lib (where their headers were)
2023-09-10 14:12:54 +02:00
mempcpy.h
Add mempcpy(3)
2023-02-16 11:29:33 +01:00
motd.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
myname.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
nscd.c
Don't redefine errno(3)
2022-12-22 11:43:29 +01:00
nscd.h
* configure.in, lib/nscd.h, lib/nscd.c: Added --with-nscd flag to
2008-08-30 18:30:36 +00:00
nss.c
Simplify allocation APIs
2023-06-08 09:05:39 -05:00
obscure.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
pam_defs.h
Declare constant data structure const
2023-01-25 12:31:17 +01:00
pam_pass_non_interactive.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
pam_pass.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
port.c
Second verse, it gets worse; it gets no better than this
2023-05-31 09:29:49 -05:00
port.h
Update licensing info
2021-12-23 19:36:50 -06:00
prefix_flag.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
prototypes.h
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
pwauth.c
Don't redefine errno(3)
2022-12-22 11:43:29 +01:00
pwauth.h
Add header guards
2022-05-24 07:49:11 -05:00
pwd2spwd.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
pwd_init.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
pwdcheck.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
pwio.c
Remove superfluous casts
2023-02-09 10:03:03 -06:00
pwio.h
Update licensing info
2021-12-23 19:36:50 -06:00
pwmem.c
Use safer allocation macros
2023-02-23 20:28:43 -06:00
readpassphrase.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
readpassphrase.h
Replace __{BEGIN,END}_DECLS with #ifdef __cplusplus
2023-10-30 00:00:10 +01:00
remove_tree.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
rlogin.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
root_flag.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
run_part.c
Simplify allocation APIs
2023-06-08 09:05:39 -05:00
run_part.h
Add header guards
2022-05-24 07:49:11 -05:00
salt.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
selinux.c
selinux: use type safe function pointer assignment
2023-03-20 08:47:52 +01:00
semanage.c
semanage: disconnect to free libsemanage internals
2023-04-26 17:52:54 -05:00
setugid.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
setupenv.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
sgetgrent.c
lib/sgetgrent.c: fix null pointer dereference
2024-01-16 00:00:43 +01:00
sgetpwent.c
Raise limit for passwd and shadow entry length
2022-10-14 10:41:40 +02:00
sgetspent.c
Don't redefine errno(3)
2022-12-22 11:43:29 +01:00
sgroupio.c
Simplify allocation APIs
2023-06-08 09:05:39 -05:00
sgroupio.h
Update licensing info
2021-12-23 19:36:50 -06:00
shadow.c
Remove superfluous casts
2023-02-09 10:03:03 -06:00
shadowio.c
Remove superfluous casts
2023-02-09 10:03:03 -06:00
shadowio.h
Update licensing info
2021-12-23 19:36:50 -06:00
shadowlog_internal.h
Fix typos
2023-01-26 22:44:39 -06:00
shadowlog.c
lib: provide default values for shadow_progname/shadow_logfd
2021-12-27 16:28:23 +00:00
shadowlog.h
Drop obsolete prototype for log_dolog()
2022-08-06 11:27:56 -05:00
shadowmem.c
Use safer allocation macros
2023-02-23 20:28:43 -06:00
shell.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
spawn.c
Merge pull request #451 from hallyn/2021-12-05/license
2022-01-02 18:38:42 -06:00
sssd.c
Simplify allocation APIs
2023-06-08 09:05:39 -05:00
sssd.h
Flush sssd caches in addition to nscd caches
2018-09-13 14:20:02 +02:00
stpecpy.c
lib, libmisc: Move source files to lib (where their headers were)
2023-09-10 14:12:54 +02:00
stpecpy.h
Add stpecpy()
2023-02-16 11:29:33 +01:00
stpeprintf.c
lib, libmisc: Move source files to lib (where their headers were)
2023-09-10 14:12:54 +02:00
stpeprintf.h
Add stpeprintf()
2023-02-16 11:29:33 +01:00
strtoday.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
sub.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
subordinateio.c
Use temporary variable
2023-06-08 09:05:39 -05:00
subordinateio.h
fix newusers when nss provides subids
2021-05-23 08:16:16 -05:00
sulog.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
tcbfuncs.c
Remove superfluous casts
2023-02-09 10:03:03 -06:00
tcbfuncs.h
* lib/tcbfuncs.h: Re-indent.
2010-03-18 19:23:00 +00:00
ttytype.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
tz.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
ulimit.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
user_busy.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
utmp.c
utmp: call prepare_utmp() even if utent is NULL
2023-10-30 00:00:19 +01:00
valid.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
write_full.c
Add wrapper for write(2)
2023-08-04 17:15:42 -05:00
xgetgrgid.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
xgetgrnam.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
xgetpwnam.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
xgetpwuid.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
xgetspnam.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
xgetXXbyYY.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
xprefix_getpwnam.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00
yesno.c
lib: Merge libmisc into libshadow
2023-09-10 14:13:01 +02:00