From 950f74bfeb6c58dc5e2b1b57980a08f694ba12fc Mon Sep 17 00:00:00 2001 From: Dag-Erling Smørgrav Date: Mon, 28 Nov 2016 21:00:19 +0000 Subject: Use malloc()ed buffers instead of stack buffers in gr_copy() and pw_copy(). This allows pw(8) to operate on passwd and group files with longer lines than could be accomodated by a stack buffer. It doesn't take more than a few hundred users to exceed 8192 bytes in /etc/group. MFC after: 3 weeks Sponsored by: The University of Oslo --- libutil/gr_util.c | 37 ++++++++++++++++++++++++------------- libutil/pw_util.c | 37 ++++++++++++++++++++++++------------- 2 files changed, 48 insertions(+), 26 deletions(-) (limited to 'libutil') diff --git a/libutil/gr_util.c b/libutil/gr_util.c index 6153209..99f268c 100644 --- a/libutil/gr_util.c +++ b/libutil/gr_util.c @@ -164,11 +164,12 @@ gr_tmp(int mfd) int gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) { - char buf[8192], *end, *line, *p, *q, *r, t; + char *buf, *end, *line, *p, *q, *r, *tmp; struct group *fgr; const struct group *sgr; - size_t len; + size_t len, size; int eof, readlen; + char t; if (old_gr == NULL && gr == NULL) return(-1); @@ -186,6 +187,10 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) if (sgr == NULL) sgr = gr; + /* initialize the buffer */ + if ((buf = malloc(size = 1024)) == NULL) + goto err; + eof = 0; len = 0; p = q = end = buf; @@ -199,10 +204,16 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) if (q >= end) { if (eof) break; - if ((size_t)(q - p) >= sizeof(buf)) { - warnx("group line too long"); - errno = EINVAL; /* hack */ - goto err; + while ((size_t)(q - p) >= size) { + if ((tmp = realloc(buf, size * 2)) == NULL) { + warnx("group line too long"); + goto err; + } + p = tmp + (p - buf); + q = tmp + (q - buf); + end = tmp + (end - buf); + buf = tmp; + size = size * 2; } if (p < end) { q = memmove(buf, p, end -p); @@ -210,7 +221,7 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) } else { p = q = end = buf; } - readlen = read(ffd, end, sizeof(buf) - (end -buf)); + readlen = read(ffd, end, size - (end - buf)); if (readlen == -1) goto err; else @@ -219,7 +230,7 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) break; end += len; len = end - buf; - if (len < (ssize_t)sizeof(buf)) { + if (len < size) { eof = 1; if (len > 0 && buf[len -1] != '\n') ++len, *end++ = '\n'; @@ -281,7 +292,7 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) if (write(tfd, q, end - q) != end - q) goto err; q = buf; - readlen = read(ffd, buf, sizeof(buf)); + readlen = read(ffd, buf, size); if (readlen == 0) break; else @@ -303,12 +314,12 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) write(tfd, "\n", 1) != 1) goto err; done: - if (line != NULL) - free(line); + free(line); + free(buf); return (0); err: - if (line != NULL) - free(line); + free(line); + free(buf); return (-1); } diff --git a/libutil/pw_util.c b/libutil/pw_util.c index d790328..0c34e67 100644 --- a/libutil/pw_util.c +++ b/libutil/pw_util.c @@ -427,11 +427,12 @@ pw_make_v7(const struct passwd *pw) int pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) { - char buf[8192], *end, *line, *p, *q, *r, t; + char *buf, *end, *line, *p, *q, *r, *tmp; struct passwd *fpw; const struct passwd *spw; - size_t len; + size_t len, size; int eof, readlen; + char t; if (old_pw == NULL && pw == NULL) return (-1); @@ -449,6 +450,10 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) if (spw == NULL) spw = pw; + /* initialize the buffer */ + if ((buf = malloc(size = 1024)) == NULL) + goto err; + eof = 0; len = 0; p = q = end = buf; @@ -462,10 +467,16 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) if (q >= end) { if (eof) break; - if ((size_t)(q - p) >= sizeof(buf)) { - warnx("passwd line too long"); - errno = EINVAL; /* hack */ - goto err; + while ((size_t)(q - p) >= size) { + if ((tmp = realloc(buf, size * 2)) == NULL) { + warnx("passwd line too long"); + goto err; + } + p = tmp + (p - buf); + q = tmp + (q - buf); + end = tmp + (end - buf); + buf = tmp; + size = size * 2; } if (p < end) { q = memmove(buf, p, end - p); @@ -473,7 +484,7 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) } else { p = q = end = buf; } - readlen = read(ffd, end, sizeof(buf) - (end - buf)); + readlen = read(ffd, end, size - (end - buf)); if (readlen == -1) goto err; else @@ -482,7 +493,7 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) break; end += len; len = end - buf; - if (len < (ssize_t)sizeof(buf)) { + if (len < size) { eof = 1; if (len > 0 && buf[len - 1] != '\n') ++len, *end++ = '\n'; @@ -545,7 +556,7 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) if (write(tfd, q, end - q) != end - q) goto err; q = buf; - readlen = read(ffd, buf, sizeof(buf)); + readlen = read(ffd, buf, size); if (readlen == 0) break; else @@ -567,12 +578,12 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) write(tfd, "\n", 1) != 1) goto err; done: - if (line != NULL) - free(line); + free(line); + free(buf); return (0); err: - if (line != NULL) - free(line); + free(line); + free(buf); return (-1); } -- cgit v1.2.3-56-ge451