sysconf() usage leads to crashes in BSD tools

Not using the sysconf interface properly when determinining the
getpwent buffer size. Fix this.

Problem was identified and proposed fix was submitted in pull request
https://github.com/vmware/open-vm-tools/pull/238

diff --git a/open-vm-tools/lib/auth/authPosix.c b/open-vm-tools/lib/auth/authPosix.c
index 655dca754f57e9b68b5b2e3e3276719f0d2b1256..2a19a23907591d9e9b62a7d30e03a519fc293a13 100644 (file)
--- a/open-vm-tools/lib/auth/authPosix.c
+++ b/open-vm-tools/lib/auth/authPosix.c
@@ -1,5 +1,5 @@
 /*********************************************************
- * Copyright (C) 2003-2017 VMware, Inc. All rights reserved.
+ * Copyright (C) 2003-2018 VMware, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published
@@ -19,6 +19,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <errno.h>
 #include <unistd.h> // for access, crypt, etc.
 #if !defined USE_PAM && !defined __APPLE__
 #include <shadow.h>
@@ -262,8 +263,8 @@ static struct pam_conv PAM_conversation = {
 static AuthTokenInternal *
 AuthAllocateToken(void)
 {
+   long bufSize;
    AuthTokenInternal *ati;
-   size_t bufSize;
 
    /*
     * We need to get the maximum size buffer needed by getpwuid_r from
@@ -271,9 +272,15 @@ AuthAllocateToken(void)
     * by the Posix_Get*_r() wrappers.
     */
 
-   bufSize = (size_t) sysconf(_SC_GETPW_R_SIZE_MAX) * 4;
+   errno = 0;
+   bufSize = sysconf(_SC_GETPW_R_SIZE_MAX);
+   if ((errno != 0) || (bufSize <= 0)) {
+      bufSize = 16 * 1024;  // Unlimited; pick something reasonable
+   }
+
+   bufSize *= 4;
 
-   ati = Util_SafeMalloc(sizeof *ati + bufSize);
+   ati = Util_SafeMalloc(sizeof *ati + (size_t) bufSize);
    ati->bufSize = bufSize;
 
    return ati;

diff --git a/open-vm-tools/lib/file/fileTempPosix.c b/open-vm-tools/lib/file/fileTempPosix.c
index cd76d5a3a0edd1555333d2b4cf95231ea0d232e4..2bd591319431535c3aaca194c053f2f9330a1f11 100644 (file)
--- a/open-vm-tools/lib/file/fileTempPosix.c
+++ b/open-vm-tools/lib/file/fileTempPosix.c
@@ -205,13 +205,18 @@ FileGetUserName(uid_t uid)  // IN:
 #if defined(__APPLE__)
    memPoolSize = _PASSWORD_LEN;
 #else
+   errno = 0;
    memPoolSize = sysconf(_SC_GETPW_R_SIZE_MAX);
 
-   if (memPoolSize <= 0) {
+   if ((errno != 0) || (memPoolSize == 0)) {
       Warning("%s: sysconf(_SC_GETPW_R_SIZE_MAX) failed.\n", __FUNCTION__);
 
       return NULL;
    }
+
+   if (memPoolSize == -1) {  // Unlimited; pick something reasonable
+      memPoolSize = 16 * 1024;
+   }
 #endif
 
    memPool = Util_SafeMalloc(memPoolSize);