NetBSD-Bugs archive


Re: bin/43852: yp_passwd command may destroy NIS database entries when used on a server that includes users via netgroups



The following reply was made to PR bin/43852; it has been noted by GNATS.

From: Wolfgang Stukenbrock <Wolfgang.Stukenbrock%nagler-company.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: Wolfgang.Stukenbrock%nagler-company.com@localhost
Subject: Re: bin/43852: yp_passwd command may destroy NIS database entries when 
used on a server that includes users via netgroups
Date: Wed, 08 Sep 2010 14:56:07 +0200

 Hi again,
 
 sorry I'm too fast ....
 
 There are some parts missing in the patch I've sent before ..
 
 The changes done to my original change are larger than I've recognized before.
 
 Please use the following patch instead.
 - It will access master.passwd.byname if present - as done in the 
 getpwnam stuff
 - It will not free the still used memory returned from yp_match and that 
 is not reallocated by pw_scan()
 The only difference is in the block starting at line 172 - that one was 
 missing
 Sorry again.
 
 Thanks
 
 --- yp_passwd.c 2010/09/08 12:20:59     1.1
 +++ yp_passwd.c 2010/09/08 12:49:59
 @@ -172,16 +172,22 @@
          int ok = 0;
 
          val = NULL;
 -       reason = yp_match(domain, "passwd.byname", nam, (int)strlen(nam),
 +       flags = 0;
 +       reason = yp_match(domain, "master.passwd.byname", nam, 
 (int)strlen(nam),
                            &val, &vallen);
 +       if (YPERR_MAP == reason) {
 +             reason = yp_match(domain, "passwd.byname", nam, 
 (int)strlen(nam),
 +                               &val, &vallen);
 +             flags = _PASSWORD_OLDFMT;
 +       }
          if (reason != 0)
                  goto out;
 
 -       flags = _PASSWORD_OLDFMT;
          if (pw_scan(val, pwd, &flags) == 0)
                  goto out;
 
          ok = 1;
 +       val = NULL; // do not free the memory - still in use
   out:
          if (val)
                  free(val);
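
Review bot: The `val = NULL` just before `out:` makes the yp_match() buffer permanently owned by `pwd`, and nothing documents that or ever releases it. Keeping the buffer is correct, because the fields filled in by pw_scan() still point into it, but please state this in a comment above ypgetpwnam() so a later cleanup does not reintroduce the free, and write the new comment with /* */ as the other comments in this patch do. Separately, the fallback to passwd.byname runs only when the first lookup returns YPERR_MAP; any other error from the master.passwd.byname lookup goes straight to `out`, so confirm that a failure other than a missing map should not fall back. The two yp_match() lines were wrapped by the mailer at `(int)strlen(nam),` and will not apply as posted.
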
 @@ -212,7 +218,7 @@
          char *master;
          int ch, r, rpcport, status;
          struct yppasswd ypp;
 -       struct passwd pwb, *pw;
 +       struct passwd pwb, pwb2, *pw;
          char pwbuf[1024];
          struct timeval tv;
          CLIENT *client;
 @@ -284,16 +290,16 @@
 
          /* Bail out if this is a local (non-yp) user, */
          /* then get user's login identity */
 -       if (!ypgetpwnam(username, pw = &pwb) ||
 -           getpwnam_r(username, &pwb, pwbuf, sizeof(pwbuf), &pw) ||
 +       if (!ypgetpwnam(username, &pwb) ||
 +           getpwnam_r(username, &pwb2, pwbuf, sizeof(pwbuf), &pw) ||
              pw == NULL)
                  errx(1, "NIS unknown user %s", username);
 
 -       if (uid && uid != pw->pw_uid)
 +       if (uid && uid != pwb.pw_uid)
                  errx(1, "you may only change your own password: %s",
                      strerror(EACCES));
 
 -       makeypp(&ypp, pw);
 +       makeypp(&ypp, &pwb);
 
          client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
          if (client == NULL)
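
Review bot: The comment `/* then get user's login identity */` is stale after this change, because the identity used in the uid check and passed to makeypp() now comes from ypgetpwnam() in `pwb`, while the getpwnam_r() result in `pwb2` and `pw` serves only to confirm that the user resolves at all. Update the comment to say so, and note which entry is authoritative: `uid != pwb.pw_uid` now compares the caller against the NIS map entry rather than the locally resolved one, which matters in exactly the setup this PR is about, where the two can differ.
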
 @@ -374,7 +380,7 @@
          char *master;
          int r, rpcport, status;
          struct yppasswd ypp;
 -       struct passwd *pw, pwb;
 +       struct passwd *pw, pwb, pwb2;
          char pwbuf[1024];
          struct timeval tv;
          CLIENT *client;
 @@ -418,19 +424,19 @@
 
          /* Bail out if this is a local (non-yp) user, */
          /* then get user's login identity */
 -       if (!ypgetpwnam(username, pw = &pwb) ||
 -           getpwnam_r(username, &pwb, pwbuf, sizeof(pwbuf), &pw) ||
 +       if (!ypgetpwnam(username, &pwb) ||
 +           getpwnam_r(username, &pwb2, pwbuf, sizeof(pwbuf), &pw) ||
              pw == NULL) {
                  warnx("NIS unknown user %s", username);
                  /* continuation */
                  return(-1);
          }
 
 -       if (uid && uid != pw->pw_uid)
 +       if (uid && uid != pwb.pw_uid)
                  errx(1, "you may only change your own password: %s",
                      strerror(EACCES));
 
 -       makeypp(&ypp, pw);
 +       makeypp(&ypp, &pwb);
 
          client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
          if (client == NULL) {
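
Review bot: The lookup and uid check here duplicate the block in the @@ -284 hunk line for line, so the same fix had to be made twice; moving the ypgetpwnam()/getpwnam_r()/uid sequence into one helper that fills `pwb` and returns success or failure would keep the two callers from drifting apart. The error handling in this copy is also mixed: an unknown user gives warnx() and `return(-1)`, while a uid mismatch a few lines later calls errx(1, ...) and exits. If this function is meant to return to its caller on failure, the uid mismatch should take the same path.
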
 
 
 
 
 gnats-admin%NetBSD.org@localhost wrote:
 
 > Thank you very much for your problem report.
 > It has the internal identification `bin/43852'.
 > The individual assigned to look at your
 > report is: bin-bug-people. 
 > 
 > 
 >>Category:       bin
 >>Responsible:    bin-bug-people
 >>Synopsis:       yp_passwd command may destroy NIS database entries when used 
 >>on a server that includes users via netgroups
 >>Arrival-Date:   Wed Sep 08 12:25:00 +0000 2010
 >>
 > 
 
 

