local-nss-overflow

author GNU Libc Maintainers <debian-glibc@lists.debian.org>

Sun, 10 Jul 2022 20:29:34 +0000 (21:29 +0100)

committer Aurelien Jarno <aurel32@debian.org>

Sun, 10 Jul 2022 20:29:34 +0000 (21:29 +0100)
author GNU Libc Maintainers <debian-glibc@lists.debian.org>
Sun, 10 Jul 2022 20:29:34 +0000 (21:29 +0100)
committer Aurelien Jarno <aurel32@debian.org>
Sun, 10 Jul 2022 20:29:34 +0000 (21:29 +0100)
diff --git a/nss/nss_files/files-parse.c b/nss/nss_files/files-parse.c

index 68c51c7cbf80fd523512402cc99a9f43741c9a47..0a6c2a68388de6380fa79b7829c8e843c40bc801 100644 (file)
--- a/nss/nss_files/files-parse.c
+++ b/nss/nss_files/files-parse.c
@@ -21,6 +21,7 @@
  #include <string.h>
  #include <stdlib.h>
  #include <stdint.h>
+#include <limits.h>
  #include <nss_files.h>
  
  /* These symbols are defined by the including source file:
@@ -162,7 +163,12 @@ strtou32 (const char *nptr, char **endptr, int base)
  # define INT_FIELD(variable, terminator_p, swallow, base, convert)           \
    {                                                                          \
      char *endp;                                                                      \
-    variable = convert (strtou32 (line, &endp, base));                       \
+    unsigned long long tmp;                                                  \
+    /* Prevent from 32-bit overflow.  */                                     \
+    tmp = __strtoull_internal (line, &endp, base, 0);                        \
+    if (tmp > UINT_MAX)                                                      \
+      return 0;                                                                      \
+    variable = convert ((unsigned long int)tmp);                             \
      if (endp == line)                                                        \
        return 0;                                                                      \
      else if (terminator_p (*endp))                                           \
@@ -177,10 +183,15 @@ strtou32 (const char *nptr, char **endptr, int base)
  # define INT_FIELD_MAYBE_NULL(variable, terminator_p, swallow, base, convert, default)       \
    {                                                                          \
      char *endp;                                                                      \
+    unsigned long long tmp;                                                  \
      if (*line == '\0')                                                       \
        /* We expect some more input, so don't allow the string to end here. */ \
        return 0;                                                                      \
-    variable = convert (strtou32 (line, &endp, base));                       \
+    /* Prevent from 32-bit overflow.  */                                     \
+    tmp = __strtoull_internal (line, &endp, base, 0);                \
+    if (tmp > UINT_MAX)                                                      \
+      return 0;                                                                      \
+    variable = convert ((unsigned long int)tmp);                             \
      if (endp == line)                                                        \
        variable = default;                                                    \
      if (terminator_p (*endp))                                                \
author	GNU Libc Maintainers <debian-glibc@lists.debian.org>
	Sun, 10 Jul 2022 20:29:34 +0000 (21:29 +0100)
committer	Aurelien Jarno <aurel32@debian.org>
	Sun, 10 Jul 2022 20:29:34 +0000 (21:29 +0100)