The branch, master has been updated via 1c793e1 uwrap: Improve parsing IDs from env variables via 7d12d4e uwrap: Fix integer overflowed argument from 111ac8e uwrap: Use calloc to allocate groups array
https://git.samba.org/?p=uid_wrapper.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 1c793e19f1cb8cb33defb171c9ae719ec8a820da Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 1 08:14:30 2017 +0200 uwrap: Improve parsing IDs from env variables Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit 7d12d4eb01ee0d0d1bd3ee1d02f20d99009c4c73 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 1 08:11:28 2017 +0200 uwrap: Fix integer overflowed argument The previous fix did not address the conversion from 64bit to 32bit. CID 165232 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> ----------------------------------------------------------------------- Summary of changes: src/uid_wrapper.c | 89 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 57 insertions(+), 32 deletions(-) Changeset truncated at 500 lines: diff --git a/src/uid_wrapper.c b/src/uid_wrapper.c index b3d12c5..9c4b0ee 100644 --- a/src/uid_wrapper.c +++ b/src/uid_wrapper.c @@ -34,6 +34,7 @@ #include <syscall.h> #endif #include <dlfcn.h> +#include <limits.h> #include <pthread.h> @@ -972,6 +973,31 @@ static void uwrap_thread_child(void) UWRAP_UNLOCK_ALL; } +static unsigned long uwrap_get_xid_from_env(const char *envname) +{ + unsigned long xid; + const char *env = NULL; + char *endp = NULL; + + env = getenv(envname); + if (env == NULL) { + return ULONG_MAX; + } + + if (env[0] == '\0') { + unsetenv("UID_WRAPPER_INITIAL_RUID"); + return ULONG_MAX; + } + + xid = strtoul(env, &endp, 10); + unsetenv("UID_WRAPPER_INITIAL_RUID"); + if (env == endp) { + return ULONG_MAX; + } + + return xid; +} + /* * This initializes uid_wrapper with the IDs exported to the environment. Those * are normally set after we forked and executed. 
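Review bot: Both `unsetenv("UID_WRAPPER_INITIAL_RUID");` calls in the new `uwrap_get_xid_from_env()` hard-code one variable name instead of using the `envname` parameter. The other five `UID_WRAPPER_INITIAL_*` ID variables are therefore no longer cleared after being read, although the code removed later in this commit unset each one; they stay in the environment and are presumably inherited by any process exec'd afterwards. Both calls should read `unsetenv(envname);`. The helper also accepts partially numeric input and does not detect range errors: only `env == endp` is tested, so a value like `12abc` parses as 12 and an out-of-range value comes back as `ULONG_MAX`, which is also the "not set" sentinel. A stricter check would be `if (env == endp || *endp != '\0') { return ULONG_MAX; }`, evaluated before the `unsetenv()` call so `endp` is not inspected after the environment string may have been released.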
@@ -980,56 +1006,55 @@ static void uwrap_init_env(struct uwrap_thread *id) { const char *env; int ngroups = 0; + unsigned long xid; - env = getenv("UID_WRAPPER_INITIAL_RUID"); - if (env != NULL && env[0] != '\0') { - UWRAP_LOG(UWRAP_LOG_DEBUG, "Initialize ruid with %s", env); - id->ruid = strtoul(env, (char **)NULL, 10); - unsetenv("UID_WRAPPER_INITIAL_RUID"); + /* UIDs */ + xid = uwrap_get_xid_from_env("UID_WRAPPER_INITIAL_RUID"); + if (xid != ULONG_MAX) { + id->ruid = (uid_t)xid; } - env = getenv("UID_WRAPPER_INITIAL_EUID"); - if (env != NULL && env[0] != '\0') { - UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize euid with %s", env); - id->euid = strtoul(env, (char **)NULL, 10); - unsetenv("UID_WRAPPER_INITIAL_EUID"); + xid = uwrap_get_xid_from_env("UID_WRAPPER_INITIAL_EUID"); + if (xid != ULONG_MAX) { + id->euid = (uid_t)xid; } - env = getenv("UID_WRAPPER_INITIAL_SUID"); - if (env != NULL && env[0] != '\0') { - UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize suid with %s", env); - id->suid = strtoul(env, (char **)NULL, 10); - unsetenv("UID_WRAPPER_INITIAL_SUID"); + xid = uwrap_get_xid_from_env("UID_WRAPPER_INITIAL_SUID"); + if (xid != ULONG_MAX) { + id->suid = (uid_t)xid; } - env = getenv("UID_WRAPPER_INITIAL_RGID"); - if (env != NULL && env[0] != '\0') { - UWRAP_LOG(UWRAP_LOG_DEBUG, "Initialize ruid with %s", env); - id->rgid = strtoul(env, (char **)NULL, 10); - unsetenv("UID_WRAPPER_INITIAL_RGID"); + /* GIDs */ + xid = uwrap_get_xid_from_env("UID_WRAPPER_INITIAL_RGID"); + if (xid != ULONG_MAX) { + id->rgid = (gid_t)xid; } - env = getenv("UID_WRAPPER_INITIAL_EGID"); - if (env != NULL && env[0] != '\0') { - UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize egid with %s", env); - id->egid = strtoul(env, (char **)NULL, 10); - unsetenv("UID_WRAPPER_INITIAL_EGID"); + xid = uwrap_get_xid_from_env("UID_WRAPPER_INITIAL_EGID"); + if (xid != ULONG_MAX) { + id->egid = (gid_t)xid; } - env = getenv("UID_WRAPPER_INITIAL_SGID"); - if (env != NULL && env[0] != '\0') { - UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize 
sgid with %s", env); - id->sgid = strtoul(env, (char **)NULL, 10); - unsetenv("UID_WRAPPER_INITIAL_SGID"); + xid = uwrap_get_xid_from_env("UID_WRAPPER_INITIAL_SGID"); + if (xid != ULONG_MAX) { + id->sgid = (gid_t)xid; } env = getenv("UID_WRAPPER_INITIAL_GROUPS_COUNT"); if (env != NULL && env[0] != '\0') { - ngroups = strtol(env, (char **)NULL, 10); + char *endp = NULL; + long n; + + n = strtol(env, &endp, 10); + if (env == endp) { + ngroups = 0; + } else if (n > 0 && n < GROUP_MAX_COUNT) { + ngroups = (int)n; + } unsetenv("UID_WRAPPER_INITIAL_GROUPS_COUNT"); } - if (ngroups > 0 && ngroups < GROUP_MAX_COUNT) { + if (ngroups > 0) { int i = 0; id->ngroups = 0; -- UID Wrapper Repository
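Review bot: The casts `(uid_t)xid` and `(gid_t)xid` in `uwrap_init_env()` narrow an `unsigned long` with no range check; the only guard is `xid != ULONG_MAX`. On a platform where `unsigned long` is 64 bits and `uid_t`/`gid_t` are 32 bits, a value such as 4294967296 would be silently truncated to ID 0, so the 64-bit to 32-bit conversion named in the commit message is made explicit rather than validated. A portable round-trip guard is `if (xid != ULONG_MAX && (unsigned long)(uid_t)xid == xid) {`, with the `gid_t` equivalent for the three GID assignments. The removed `UWRAP_LOG(UWRAP_LOG_DEBUG, ...)` lines are not replaced, so nothing records which IDs were taken from the environment; one debug line per accepted value, and one for a rejected value, would restore that trace. The function body continues past the end of this hunk.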