nsz Git - musl/blob - src/passwd/getpw_a.c

   1 #include <pthread.h>
   2 #include <byteswap.h>
   3 #include <string.h>
   4 #include <unistd.h>
   5 #include "pwf.h"
   6 #include "nscd.h"
   7
   8 static char *itoa(char *p, uint32_t x)
   9 {
  10         // number of digits in a uint32_t + NUL
  11         p += 11;
  12         *--p = 0;
  13         do {
  14                 *--p = '0' + x % 10;
  15                 x /= 10;
  16         } while (x);
  17         return p;
  18 }
  19
  20 int __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf, size_t *size, struct passwd **res)
  21 {
  22         FILE *f;
  23         int cs;
  24         int rv = 0;
  25
  26         *res = 0;
  27
  28         pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
  29
  30         f = fopen("/etc/passwd", "rbe");
  31         if (!f) {
  32                 rv = errno;
  33                 goto done;
  34         }
  35
  36         while (!(rv = __getpwent_a(f, pw, buf, size, res)) && *res) {
  37                 if (name && !strcmp(name, (*res)->pw_name)
  38                 || !name && (*res)->pw_uid == uid)
  39                         break;
  40         }
  41         fclose(f);
  42
  43         if (!*res && (rv == 0 || rv == ENOENT || rv == ENOTDIR)) {
  44                 int32_t req = name ? GETPWBYNAME : GETPWBYUID;
  45                 const char *key;
  46                 int32_t passwdbuf[PW_LEN] = {0};
  47                 size_t len = 0;
  48                 char uidbuf[11] = {0};
  49
  50                 if (name) {
  51                         key = name;
  52                 } else {
  53                         /* uid outside of this range can't be queried with the
  54                          * nscd interface, but might happen if uid_t ever
  55                          * happens to be a larger type (this is not true as of
  56                          * now)
  57                          */
  58                         if(uid < 0 || uid > UINT32_MAX) {
  59                                 rv = 0;
  60                                 goto done;
  61                         }
  62                         key = itoa(uidbuf, uid);
  63                 }
  64
  65                 f = __nscd_query(req, key, passwdbuf, sizeof passwdbuf, (int[]){0});
  66                 if (!f) { rv = errno; goto done; }
  67                 if (f == (FILE*)-1) { rv = 0; goto done; }
  68
  69                 if(!passwdbuf[PWFOUND]) { rv = 0; goto cleanup_f; }
  70
  71                 /* A zero length response from nscd is invalid. We ignore
  72                  * invalid responses and just report an error, rather than
  73                  * trying to do something with them.
  74                  */
  75                 if (!passwdbuf[PWNAMELEN] || !passwdbuf[PWPASSWDLEN]
  76                 || !passwdbuf[PWGECOSLEN] || !passwdbuf[PWDIRLEN]
  77                 || !passwdbuf[PWSHELLLEN]) {
  78                         rv = EIO;
  79                         goto cleanup_f;
  80                 }
  81
  82                 if ((passwdbuf[PWNAMELEN]|passwdbuf[PWPASSWDLEN]
  83                      |passwdbuf[PWGECOSLEN]|passwdbuf[PWDIRLEN]
  84                      |passwdbuf[PWSHELLLEN]) >= SIZE_MAX/8) {
  85                         rv = ENOMEM;
  86                         goto cleanup_f;
  87                 }
  88
  89                 len = passwdbuf[PWNAMELEN] + passwdbuf[PWPASSWDLEN]
  90                     + passwdbuf[PWGECOSLEN] + passwdbuf[PWDIRLEN]
  91                     + passwdbuf[PWSHELLLEN];
  92
  93                 if (len > *size || !*buf) {
  94                         char *tmp = realloc(*buf, len);
  95                         if (!tmp) {
  96                                 rv = errno;
  97                                 goto cleanup_f;
  98                         }
  99                         *buf = tmp;
 100                         *size = len;
 101                 }
 102
 103                 if (!fread(*buf, len, 1, f)) {
 104                         rv = ferror(f) ? errno : EIO;
 105                         goto cleanup_f;
 106                 }
 107
 108                 pw->pw_name = *buf;
 109                 pw->pw_passwd = pw->pw_name + passwdbuf[PWNAMELEN];
 110                 pw->pw_gecos = pw->pw_passwd + passwdbuf[PWPASSWDLEN];
 111                 pw->pw_dir = pw->pw_gecos + passwdbuf[PWGECOSLEN];
 112                 pw->pw_shell = pw->pw_dir + passwdbuf[PWDIRLEN];
 113                 pw->pw_uid = passwdbuf[PWUID];
 114                 pw->pw_gid = passwdbuf[PWGID];
 115
 116                 /* Don't assume that nscd made sure to null terminate strings.
 117                  * It's supposed to, but malicious nscd should be ignored
 118                  * rather than causing a crash.
 119                  */
 120                 if (pw->pw_passwd[-1] || pw->pw_gecos[-1] || pw->pw_dir[-1]
 121                 || pw->pw_shell[passwdbuf[PWSHELLLEN]-1]) {
 122                         rv = EIO;
 123                         goto cleanup_f;
 124                 }
 125
 126                 if (name && strcmp(name, pw->pw_name)
 127                 || !name && uid != pw->pw_uid) {
 128                         rv = EIO;
 129                         goto cleanup_f;
 130                 }
 131
 132
 133                 *res = pw;
 134 cleanup_f:
 135                 fclose(f);
 136                 goto done;
 137         }
 138
 139 done:
 140         pthread_setcancelstate(cs, 0);
 141         if (rv) errno = rv;
 142         return rv;
 143 }