]> git.ipfire.org Git - thirdparty/shadow.git/commitdiff
projects / thirdparty / shadow.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 54ab542)
commonio: check for path truncations
authorChristian Göttsche <cgzones@googlemail.com>
Thu, 26 Jan 2023 19:58:24 +0000 (20:58 +0100)
committerSerge Hallyn <serge@hallyn.com>
Mon, 21 Aug 2023 20:56:44 +0000 (15:56 -0500)
Bail out if the paths generated for the backup and replacement database
are truncated.

lib/commonio.c patch | blob | blame | history

diff --git a/lib/commonio.c b/lib/commonio.c
index 24c472bc9d5952d296eb7a6885f0dc9587167472..c6459a2ec0586540049b46fb9dd720e3d2010f09 100644 (file)
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -900,7 +900,7 @@ static int write_all (const struct commonio_db *db)
 int commonio_close (struct commonio_db *db)
 {
        char buf[1024];
-       int errors = 0;
+       int errors = 0, r;
        struct stat sb;
 
        if (!db->isopen) {
@@ -932,7 +932,12 @@ int commonio_close (struct commonio_db *db)
                /*
                 * Create backup file.
                 */
-               snprintf (buf, sizeof buf, "%s-", db->filename);
+               r = snprintf (buf, sizeof buf, "%s-", db->filename);
+               if (r < 0 || (size_t)r >= sizeof buf) {
+                       (void) fclose (db->fp);
+                       db->fp = NULL;
+                       goto fail;
+               }
 
 #ifdef WITH_SELINUX
                if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
@@ -947,15 +952,15 @@ int commonio_close (struct commonio_db *db)
                        errors++;
                }
 
+               db->fp = NULL;
+
 #ifdef WITH_SELINUX
                if (reset_selinux_file_context () != 0) {
                        errors++;
                }
 #endif
-               if (errors != 0) {
-                       db->fp = NULL;
+               if (errors != 0)
                        goto fail;
-               }
        } else {
                /*
                 * Default permissions for new [g]shadow files.
@@ -965,7 +970,9 @@ int commonio_close (struct commonio_db *db)
                sb.st_gid = db->st_gid;
        }
 
-       snprintf (buf, sizeof buf, "%s+", db->filename);
+       r = snprintf (buf, sizeof buf, "%s+", db->filename);
+       if (r < 0 || (size_t)r >= sizeof buf)
+               goto fail;
 
 #ifdef WITH_SELINUX
        if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
Mirror of https://github.com/shadow-maint/shadow.git