| Index: fusl/src/passwd/getspnam_r.c
|
| diff --git a/fusl/src/passwd/getspnam_r.c b/fusl/src/passwd/getspnam_r.c
|
| index 92339528ad170f2ed76d3bc3ba03a14b8e98c30e..df5b4fab528f26a8c76792834e7c9c7bf4b053e8 100644
|
| --- a/fusl/src/passwd/getspnam_r.c
|
| +++ b/fusl/src/passwd/getspnam_r.c
|
| @@ -12,105 +12,126 @@
|
| * file. It also avoids any allocation to prevent memory-exhaustion
|
| * attacks via huge TCB shadow files. */
|
|
|
| -static long xatol(char **s)
|
| -{
|
| - long x;
|
| - if (**s == ':' || **s == '\n') return -1;
|
| - for (x=0; **s-'0'<10U; ++*s) x=10*x+(**s-'0');
|
| - return x;
|
| +static long xatol(char** s) {
|
| + long x;
|
| + if (**s == ':' || **s == '\n')
|
| + return -1;
|
| + for (x = 0; **s - '0' < 10U; ++*s)
|
| + x = 10 * x + (**s - '0');
|
| + return x;
|
| }
|
|
|
| -int __parsespent(char *s, struct spwd *sp)
|
| -{
|
| - sp->sp_namp = s;
|
| - if (!(s = strchr(s, ':'))) return -1;
|
| - *s = 0;
|
| -
|
| - sp->sp_pwdp = ++s;
|
| - if (!(s = strchr(s, ':'))) return -1;
|
| - *s = 0;
|
| -
|
| - s++; sp->sp_lstchg = xatol(&s);
|
| - if (*s != ':') return -1;
|
| -
|
| - s++; sp->sp_min = xatol(&s);
|
| - if (*s != ':') return -1;
|
| -
|
| - s++; sp->sp_max = xatol(&s);
|
| - if (*s != ':') return -1;
|
| -
|
| - s++; sp->sp_warn = xatol(&s);
|
| - if (*s != ':') return -1;
|
| -
|
| - s++; sp->sp_inact = xatol(&s);
|
| - if (*s != ':') return -1;
|
| -
|
| - s++; sp->sp_expire = xatol(&s);
|
| - if (*s != ':') return -1;
|
| -
|
| - s++; sp->sp_flag = xatol(&s);
|
| - if (*s != '\n') return -1;
|
| - return 0;
|
| +int __parsespent(char* s, struct spwd* sp) {
|
| + sp->sp_namp = s;
|
| + if (!(s = strchr(s, ':')))
|
| + return -1;
|
| + *s = 0;
|
| +
|
| + sp->sp_pwdp = ++s;
|
| + if (!(s = strchr(s, ':')))
|
| + return -1;
|
| + *s = 0;
|
| +
|
| + s++;
|
| + sp->sp_lstchg = xatol(&s);
|
| + if (*s != ':')
|
| + return -1;
|
| +
|
| + s++;
|
| + sp->sp_min = xatol(&s);
|
| + if (*s != ':')
|
| + return -1;
|
| +
|
| + s++;
|
| + sp->sp_max = xatol(&s);
|
| + if (*s != ':')
|
| + return -1;
|
| +
|
| + s++;
|
| + sp->sp_warn = xatol(&s);
|
| + if (*s != ':')
|
| + return -1;
|
| +
|
| + s++;
|
| + sp->sp_inact = xatol(&s);
|
| + if (*s != ':')
|
| + return -1;
|
| +
|
| + s++;
|
| + sp->sp_expire = xatol(&s);
|
| + if (*s != ':')
|
| + return -1;
|
| +
|
| + s++;
|
| + sp->sp_flag = xatol(&s);
|
| + if (*s != '\n')
|
| + return -1;
|
| + return 0;
|
| }
|
|
|
| -static void cleanup(void *p)
|
| -{
|
| - fclose(p);
|
| +static void cleanup(void* p) {
|
| + fclose(p);
|
| }
|
|
|
| -int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
|
| -{
|
| - char path[20+NAME_MAX];
|
| - FILE *f = 0;
|
| - int rv = 0;
|
| - int fd;
|
| - size_t k, l = strlen(name);
|
| - int skip = 0;
|
| - int cs;
|
| -
|
| - *res = 0;
|
| -
|
| - /* Disallow potentially-malicious user names */
|
| - if (*name=='.' || strchr(name, '/') || !l)
|
| - return EINVAL;
|
| -
|
| - /* Buffer size must at least be able to hold name, plus some.. */
|
| - if (size < l+100) return ERANGE;
|
| -
|
| - /* Protect against truncation */
|
| - if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
|
| - return EINVAL;
|
| -
|
| - fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
|
| - if (fd >= 0) {
|
| - struct stat st = { 0 };
|
| - errno = EINVAL;
|
| - if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
|
| - pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
|
| - close(fd);
|
| - pthread_setcancelstate(cs, 0);
|
| - return errno;
|
| - }
|
| - } else {
|
| - f = fopen("/etc/shadow", "rbe");
|
| - if (!f) return errno;
|
| - }
|
| -
|
| - pthread_cleanup_push(cleanup, f);
|
| - while (fgets(buf, size, f) && (k=strlen(buf))>0) {
|
| - if (skip || strncmp(name, buf, l) || buf[l]!=':') {
|
| - skip = buf[k-1] != '\n';
|
| - continue;
|
| - }
|
| - if (buf[k-1] != '\n') {
|
| - rv = ERANGE;
|
| - break;
|
| - }
|
| -
|
| - if (__parsespent(buf, sp) < 0) continue;
|
| - *res = sp;
|
| - break;
|
| - }
|
| - pthread_cleanup_pop(1);
|
| - return rv;
|
| +int getspnam_r(const char* name,
|
| + struct spwd* sp,
|
| + char* buf,
|
| + size_t size,
|
| + struct spwd** res) {
|
| + char path[20 + NAME_MAX];
|
| + FILE* f = 0;
|
| + int rv = 0;
|
| + int fd;
|
| + size_t k, l = strlen(name);
|
| + int skip = 0;
|
| + int cs;
|
| +
|
| + *res = 0;
|
| +
|
| + /* Disallow potentially-malicious user names */
|
| + if (*name == '.' || strchr(name, '/') || !l)
|
| + return EINVAL;
|
| +
|
| + /* Buffer size must at least be able to hold name, plus some.. */
|
| + if (size < l + 100)
|
| + return ERANGE;
|
| +
|
| + /* Protect against truncation */
|
| + if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
|
| + return EINVAL;
|
| +
|
| + fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
|
| + if (fd >= 0) {
|
| + struct stat st = {0};
|
| + errno = EINVAL;
|
| + if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
|
| + pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
|
| + close(fd);
|
| + pthread_setcancelstate(cs, 0);
|
| + return errno;
|
| + }
|
| + } else {
|
| + f = fopen("/etc/shadow", "rbe");
|
| + if (!f)
|
| + return errno;
|
| + }
|
| +
|
| + pthread_cleanup_push(cleanup, f);
|
| + while (fgets(buf, size, f) && (k = strlen(buf)) > 0) {
|
| + if (skip || strncmp(name, buf, l) || buf[l] != ':') {
|
| + skip = buf[k - 1] != '\n';
|
| + continue;
|
| + }
|
| + if (buf[k - 1] != '\n') {
|
| + rv = ERANGE;
|
| + break;
|
| + }
|
| +
|
| + if (__parsespent(buf, sp) < 0)
|
| + continue;
|
| + *res = sp;
|
| + break;
|
| + }
|
| + pthread_cleanup_pop(1);
|
| + return rv;
|
| }
|
|
|
Chromium Code Reviews
Issue 1714623002:
[fusl] clang-format fusl (Closed)
Base URL: git@github.com:domokit/mojo.git@master