From: Oliver Kurth <okurth@vmware.com>
Date: Fri, 23 Mar 2018 22:05:35 +0000 (-0700)
Subject: FreeBSD: Improper use of sysconf() for getpwent buffer size leads to
X-Git-Tag: stable-10.3.0~69
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cdf0406dc669f2284e1e810ac5820f123d46a50e;p=thirdparty%2Fopen-vm-tools.git

FreeBSD: Improper use of sysconf() for getpwent buffer size leads to
         vmtoolsd crash.

On FreeBSD, sysconf(_SC_GETPW_R_SIZE_MAX) can return -1 if it has
no hard limit ultimately resulting in an incorrect buffer size.

This change is adapting the sysconf() ifixes done elsewhere to
bora-vmsoft/services/plugins/vix/vixTools.c and updating the
open-vm-tools AUTHORS file to share credit for the pull request.

https://github.com/vmware/open-vm-tools/pull/238
---

diff --git a/open-vm-tools/AUTHORS b/open-vm-tools/AUTHORS
index 21d0d29b7..4a277a804 100644
--- a/open-vm-tools/AUTHORS
+++ b/open-vm-tools/AUTHORS
@@ -25,3 +25,7 @@ Mike Latimer    Restrict udev rules to disk devices only
 
 Thomas Mueller  Ignore ENXIO errors with SyncDriver
                 - https://github.com/vmware/open-vm-tools/pull/218
+
+Germán M. Bravo FreeBSD: Improper use of sysconf() for getpwent buffer size
+                leads to vmtoolsd crash.
+                - https://github.com/vmware/open-vm-tools/pull/238
diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
index 98df172d8..3e26e6181 100644
--- a/open-vm-tools/services/plugins/vix/vixTools.c
+++ b/open-vm-tools/services/plugins/vix/vixTools.c
@@ -10133,7 +10133,7 @@ abort:
    struct passwd pwd;
    struct passwd *ppwd = &pwd;
    char *buffer = NULL; // a pool of memory for Posix_Getpwnam_r() to use.
-   size_t bufferSize;
+   long bufferSize;
 
    /*
     * For POSIX systems, look up the uid of 'username', and compare
@@ -10146,9 +10146,15 @@ abort:
     * Multiply by 4 to compensate for the conversion to UTF-8 by
     * the Posix_Getpwnam_r() wrapper.
     */
-   bufferSize = (size_t) sysconf(_SC_GETPW_R_SIZE_MAX) * 4;
+   errno = 0;
+   bufferSize = sysconf(_SC_GETPW_R_SIZE_MAX);
+   if ((errno != 0) || (bufferSize <= 0)) {
+      bufferSize = 16 * 1024;  // Unlimited; pick something reasonable
+   }
+
+   bufferSize *= 4;
 
-   buffer = Util_SafeMalloc(bufferSize);
+   buffer = Util_SafeMalloc((size_t)bufferSize);
 
    if (Posix_Getpwnam_r(username, &pwd, buffer, bufferSize, &ppwd) != 0 ||
        NULL == ppwd) {