From: Oliver Kurth <okurth@vmware.com>
Date: Fri, 23 Mar 2018 21:57:12 +0000 (-0700)
Subject: sysconf() usage leads to crashes in BSD tools
X-Git-Tag: stable-10.3.0~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9463abdc0d56d0612237faf01a5736c9998b499;p=thirdparty%2Fopen-vm-tools.git

sysconf() usage leads to crashes in BSD tools

Not using the sysconf interface properly when determinining the
getpwent buffer size. Fix this.

Problem was identified and proposed fix was submitted in pull request
https://github.com/vmware/open-vm-tools/pull/238
---

diff --git a/open-vm-tools/lib/auth/authPosix.c b/open-vm-tools/lib/auth/authPosix.c
index 655dca754..2a19a2390 100644
--- a/open-vm-tools/lib/auth/authPosix.c
+++ b/open-vm-tools/lib/auth/authPosix.c
@@ -1,5 +1,5 @@
 /*********************************************************
- * Copyright (C) 2003-2017 VMware, Inc. All rights reserved.
+ * Copyright (C) 2003-2018 VMware, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published
@@ -19,6 +19,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <errno.h>
 #include <unistd.h> // for access, crypt, etc.
 #if !defined USE_PAM && !defined __APPLE__
 #include <shadow.h>
@@ -262,8 +263,8 @@ static struct pam_conv PAM_conversation = {
 static AuthTokenInternal *
 AuthAllocateToken(void)
 {
+   long bufSize;
    AuthTokenInternal *ati;
-   size_t bufSize;
 
    /*
     * We need to get the maximum size buffer needed by getpwuid_r from
@@ -271,9 +272,15 @@ AuthAllocateToken(void)
     * by the Posix_Get*_r() wrappers.
     */
 
-   bufSize = (size_t) sysconf(_SC_GETPW_R_SIZE_MAX) * 4;
+   errno = 0;
+   bufSize = sysconf(_SC_GETPW_R_SIZE_MAX);
+   if ((errno != 0) || (bufSize <= 0)) {
+      bufSize = 16 * 1024;  // Unlimited; pick something reasonable
+   }
+
+   bufSize *= 4;
 
-   ati = Util_SafeMalloc(sizeof *ati + bufSize);
+   ati = Util_SafeMalloc(sizeof *ati + (size_t) bufSize);
    ati->bufSize = bufSize;
 
    return ati;
diff --git a/open-vm-tools/lib/file/fileTempPosix.c b/open-vm-tools/lib/file/fileTempPosix.c
index cd76d5a3a..2bd591319 100644
--- a/open-vm-tools/lib/file/fileTempPosix.c
+++ b/open-vm-tools/lib/file/fileTempPosix.c
@@ -205,13 +205,18 @@ FileGetUserName(uid_t uid)  // IN:
 #if defined(__APPLE__)
    memPoolSize = _PASSWORD_LEN;
 #else
+   errno = 0;
    memPoolSize = sysconf(_SC_GETPW_R_SIZE_MAX);
 
-   if (memPoolSize <= 0) {
+   if ((errno != 0) || (memPoolSize == 0)) {
       Warning("%s: sysconf(_SC_GETPW_R_SIZE_MAX) failed.\n", __FUNCTION__);
 
       return NULL;
    }
+
+   if (memPoolSize == -1) {  // Unlimited; pick something reasonable
+      memPoolSize = 16 * 1024;
+   }
 #endif
 
    memPool = Util_SafeMalloc(memPoolSize);