Use malloc()ed buffers instead of stack buffers in gr_copy() and pw_copy().
This allows pw(8) to operate on passwd and group files with longer lines than could be accomodated by a stack buffer. It doesn't take more than a few hundred users to exceed 8192 bytes in /etc/group. MFC after: 3 weeks Sponsored by: The University of Oslo
This commit is contained in:
parent
bba481d7e9
commit
e68bca507d
@ -164,11 +164,12 @@ gr_tmp(int mfd)
|
||||
int
|
||||
gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
|
||||
{
|
||||
char buf[8192], *end, *line, *p, *q, *r, t;
|
||||
char *buf, *end, *line, *p, *q, *r, *tmp;
|
||||
struct group *fgr;
|
||||
const struct group *sgr;
|
||||
size_t len;
|
||||
size_t len, size;
|
||||
int eof, readlen;
|
||||
char t;
|
||||
|
||||
if (old_gr == NULL && gr == NULL)
|
||||
return(-1);
|
||||
@ -186,6 +187,10 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
|
||||
if (sgr == NULL)
|
||||
sgr = gr;
|
||||
|
||||
/* initialize the buffer */
|
||||
if ((buf = malloc(size = 1024)) == NULL)
|
||||
goto err;
|
||||
|
||||
eof = 0;
|
||||
len = 0;
|
||||
p = q = end = buf;
|
||||
@ -199,10 +204,16 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
|
||||
if (q >= end) {
|
||||
if (eof)
|
||||
break;
|
||||
if ((size_t)(q - p) >= sizeof(buf)) {
|
||||
warnx("group line too long");
|
||||
errno = EINVAL; /* hack */
|
||||
goto err;
|
||||
while ((size_t)(q - p) >= size) {
|
||||
if ((tmp = realloc(buf, size * 2)) == NULL) {
|
||||
warnx("group line too long");
|
||||
goto err;
|
||||
}
|
||||
p = tmp + (p - buf);
|
||||
q = tmp + (q - buf);
|
||||
end = tmp + (end - buf);
|
||||
buf = tmp;
|
||||
size = size * 2;
|
||||
}
|
||||
if (p < end) {
|
||||
q = memmove(buf, p, end -p);
|
||||
@ -210,7 +221,7 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
|
||||
} else {
|
||||
p = q = end = buf;
|
||||
}
|
||||
readlen = read(ffd, end, sizeof(buf) - (end -buf));
|
||||
readlen = read(ffd, end, size - (end - buf));
|
||||
if (readlen == -1)
|
||||
goto err;
|
||||
else
|
||||
@ -219,7 +230,7 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
|
||||
break;
|
||||
end += len;
|
||||
len = end - buf;
|
||||
if (len < (ssize_t)sizeof(buf)) {
|
||||
if (len < size) {
|
||||
eof = 1;
|
||||
if (len > 0 && buf[len -1] != '\n')
|
||||
++len, *end++ = '\n';
|
||||
@ -281,7 +292,7 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
|
||||
if (write(tfd, q, end - q) != end - q)
|
||||
goto err;
|
||||
q = buf;
|
||||
readlen = read(ffd, buf, sizeof(buf));
|
||||
readlen = read(ffd, buf, size);
|
||||
if (readlen == 0)
|
||||
break;
|
||||
else
|
||||
@ -303,12 +314,12 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
|
||||
write(tfd, "\n", 1) != 1)
|
||||
goto err;
|
||||
done:
|
||||
if (line != NULL)
|
||||
free(line);
|
||||
free(line);
|
||||
free(buf);
|
||||
return (0);
|
||||
err:
|
||||
if (line != NULL)
|
||||
free(line);
|
||||
free(line);
|
||||
free(buf);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
@ -427,11 +427,12 @@ pw_make_v7(const struct passwd *pw)
|
||||
int
|
||||
pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
|
||||
{
|
||||
char buf[8192], *end, *line, *p, *q, *r, t;
|
||||
char *buf, *end, *line, *p, *q, *r, *tmp;
|
||||
struct passwd *fpw;
|
||||
const struct passwd *spw;
|
||||
size_t len;
|
||||
size_t len, size;
|
||||
int eof, readlen;
|
||||
char t;
|
||||
|
||||
if (old_pw == NULL && pw == NULL)
|
||||
return (-1);
|
||||
@ -449,6 +450,10 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
|
||||
if (spw == NULL)
|
||||
spw = pw;
|
||||
|
||||
/* initialize the buffer */
|
||||
if ((buf = malloc(size = 1024)) == NULL)
|
||||
goto err;
|
||||
|
||||
eof = 0;
|
||||
len = 0;
|
||||
p = q = end = buf;
|
||||
@ -462,10 +467,16 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
|
||||
if (q >= end) {
|
||||
if (eof)
|
||||
break;
|
||||
if ((size_t)(q - p) >= sizeof(buf)) {
|
||||
warnx("passwd line too long");
|
||||
errno = EINVAL; /* hack */
|
||||
goto err;
|
||||
while ((size_t)(q - p) >= size) {
|
||||
if ((tmp = realloc(buf, size * 2)) == NULL) {
|
||||
warnx("passwd line too long");
|
||||
goto err;
|
||||
}
|
||||
p = tmp + (p - buf);
|
||||
q = tmp + (q - buf);
|
||||
end = tmp + (end - buf);
|
||||
buf = tmp;
|
||||
size = size * 2;
|
||||
}
|
||||
if (p < end) {
|
||||
q = memmove(buf, p, end - p);
|
||||
@ -473,7 +484,7 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
|
||||
} else {
|
||||
p = q = end = buf;
|
||||
}
|
||||
readlen = read(ffd, end, sizeof(buf) - (end - buf));
|
||||
readlen = read(ffd, end, size - (end - buf));
|
||||
if (readlen == -1)
|
||||
goto err;
|
||||
else
|
||||
@ -482,7 +493,7 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
|
||||
break;
|
||||
end += len;
|
||||
len = end - buf;
|
||||
if (len < (ssize_t)sizeof(buf)) {
|
||||
if (len < size) {
|
||||
eof = 1;
|
||||
if (len > 0 && buf[len - 1] != '\n')
|
||||
++len, *end++ = '\n';
|
||||
@ -545,7 +556,7 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
|
||||
if (write(tfd, q, end - q) != end - q)
|
||||
goto err;
|
||||
q = buf;
|
||||
readlen = read(ffd, buf, sizeof(buf));
|
||||
readlen = read(ffd, buf, size);
|
||||
if (readlen == 0)
|
||||
break;
|
||||
else
|
||||
@ -567,12 +578,12 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
|
||||
write(tfd, "\n", 1) != 1)
|
||||
goto err;
|
||||
done:
|
||||
if (line != NULL)
|
||||
free(line);
|
||||
free(line);
|
||||
free(buf);
|
||||
return (0);
|
||||
err:
|
||||
if (line != NULL)
|
||||
free(line);
|
||||
free(line);
|
||||
free(buf);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user