From 2cdf5a9b4bfe308ce40f9547942c45a550e079f1 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 28 Apr 2023 09:40:26 +0000 Subject: [PATCH] pwd: Remove static buffer for subid entry In the build service, it could happen that Pakfire runs concurrently which might cause that the statically allocated memory might be overwritten by another thread. Signed-off-by: Michael Tremer --- src/libpakfire/pwd.c | 55 ++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/src/libpakfire/pwd.c b/src/libpakfire/pwd.c index a835bd4a0..e30706b59 100644 --- a/src/libpakfire/pwd.c +++ b/src/libpakfire/pwd.c @@ -18,6 +18,7 @@ # # #############################################################################*/ +#include #include #include #include @@ -157,8 +158,7 @@ struct group* pakfire_getgrgid(struct pakfire* pakfire, gid_t gid) { // SUBUID/SUBGID -static struct pakfire_subid* pakfire_fgetsubid(struct pakfire* pakfire, FILE* f) { - static struct pakfire_subid subid; +static int pakfire_fgetsubid(struct pakfire* pakfire, struct pakfire_subid* subid, FILE* f) { int r; char* line = NULL; @@ -180,9 +180,6 @@ static struct pakfire_subid* pakfire_fgetsubid(struct pakfire* pakfire, FILE* f) break; } - // Reset r - r = 0; - int i = 0; char* token = strtok_r(line, ":", &p); @@ -190,17 +187,17 @@ static struct pakfire_subid* pakfire_fgetsubid(struct pakfire* pakfire, FILE* f) switch (i++) { // First field has the name case 0: - pakfire_string_set(subid.name, token); + pakfire_string_set(subid->name, token); break; // Second field has the ID case 1: - subid.id = strtoul(token, NULL, 10); + subid->id = strtoul(token, NULL, 10); break; // Third field has the length case 2: - subid.length = strtoul(token, NULL, 10); + subid->length = strtoul(token, NULL, 10); break; } @@ -208,27 +205,29 @@ static struct pakfire_subid* pakfire_fgetsubid(struct pakfire* pakfire, FILE* f) } // Check if length is greater than zero - if (subid.length == 0) { + if (subid->length == 0) { DEBUG(pakfire, "Length equals zero: %s\n", line); r = 1; + goto ERROR; } + // Reset r + r = 0; + ERROR: if (line) free(line); - if (r) - return NULL; + if (!r) + DEBUG(pakfire, "Parsed SUBID entry: name=%s, id=%d, length=%zu\n", + subid->name, subid->id, subid->length); - DEBUG(pakfire, "Parsed SUBID entry: name=%s, id=%d, length=%zu\n", - subid.name, subid.id, subid.length); - - return &subid; + return r; } int pakfire_getsubid(struct pakfire* pakfire, const char* path, const uid_t uid, struct pakfire_subid* subid) { - struct pakfire_subid* entry = NULL; + struct pakfire_subid entry; int r = 1; // Do not lookup root user and set the entire available UID/GID range @@ -252,28 +251,34 @@ int pakfire_getsubid(struct pakfire* pakfire, const char* path, const uid_t uid, FILE* f = fopen(path, "r"); if (!f) { ERROR(pakfire, "Could not open %s: %m\n", ETC_SUBUID); - goto ERROR; + r = 1; + goto END; } // Walk through all entries while (1) { - entry = pakfire_fgetsubid(pakfire, f); - if (!entry) - break; + r = pakfire_fgetsubid(pakfire, &entry, f); + if (r) + goto END; // TODO Check if name matches UID // Check for match - if (strcmp(entry->name, passwd->pw_name) == 0) { - subid->id = entry->id; - subid->length = entry->length; + if (strcmp(entry.name, passwd->pw_name) == 0) { + subid->id = entry.id; + subid->length = entry.length; r = 0; - break; + goto END; } } -ERROR: + // No match found + ERROR(pakfire, "No match found for %s\n", passwd->pw_name); + errno = ENOENT; + r = 1; + +END: if (f) fclose(f); -- 2.39.5