X-Git-Url: http://nsz.repo.hu/git/?a=blobdiff_plain;f=src%2Fpasswd%2Fgetspnam_r.c;h=9f3378e96c8c4cc40330cec189d12f4616b9b341;hb=00e6bbcc05403aec1c96674c1060d54f5f237e87;hp=1dd39ce01d973e5f8268cf6775fab909ce12fb49;hpb=0b44a0315b47dd8eced9f3b7f31580cf14bbfc01;p=musl

diff --git a/src/passwd/getspnam_r.c b/src/passwd/getspnam_r.c
index 1dd39ce0..9f3378e9 100644
--- a/src/passwd/getspnam_r.c
+++ b/src/passwd/getspnam_r.c
@@ -1,5 +1,8 @@
 #include <fcntl.h>
 #include <unistd.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <pthread.h>
 #include "pwf.h"
 
 /* This implementation support Openwall-style TCB passwords in place of
@@ -9,6 +12,16 @@
  * file. It also avoids any allocation to prevent memory-exhaustion
  * attacks via huge TCB shadow files. */
 
+static long xatol(const char *s)
+{
+	return isdigit(*s) ? atol(s) : -1;
+}
+
+static void cleanup(void *p)
+{
+	fclose(p);
+}
+
 int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
 {
 	char path[20+NAME_MAX];
@@ -18,6 +31,7 @@ int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct
 	size_t k, l = strlen(name);
 	char *s;
 	int skip = 0;
+	int cs;
 
 	*res = 0;
 
@@ -34,9 +48,12 @@ int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct
 
 	fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK);
 	if (fd >= 0) {
-		f = fdopen(fd, "rb");
-		if (!f) {
+		struct stat st = { 0 };
+		errno = EINVAL;
+		if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
+			pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
 			close(fd);
+			pthread_setcancelstate(cs, 0);
 			return errno;
 		}
 	} else {
@@ -44,6 +61,7 @@ int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct
 		if (!f) return errno;
 	}
 
+	pthread_cleanup_push(cleanup, f);
 	while (fgets(buf, size, f) && (k=strlen(buf))>0) {
 		if (skip || strncmp(name, buf, l)) {
 			skip = buf[k-1] != '\n';
@@ -62,28 +80,28 @@ int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct
 		*s++ = 0; sp->sp_pwdp = s;
 		if (!(s = strchr(s, ':'))) continue;
 
-		*s++ = 0; sp->sp_lstchg = atol(s);
+		*s++ = 0; sp->sp_lstchg = xatol(s);
 		if (!(s = strchr(s, ':'))) continue;
 
-		*s++ = 0; sp->sp_min = atol(s);
+		*s++ = 0; sp->sp_min = xatol(s);
 		if (!(s = strchr(s, ':'))) continue;
 
-		*s++ = 0; sp->sp_max = atol(s);
+		*s++ = 0; sp->sp_max = xatol(s);
 		if (!(s = strchr(s, ':'))) continue;
 
-		*s++ = 0; sp->sp_warn = atol(s);
+		*s++ = 0; sp->sp_warn = xatol(s);
 		if (!(s = strchr(s, ':'))) continue;
 
-		*s++ = 0; sp->sp_inact = atol(s);
+		*s++ = 0; sp->sp_inact = xatol(s);
 		if (!(s = strchr(s, ':'))) continue;
 
-		*s++ = 0; sp->sp_expire = atol(s);
+		*s++ = 0; sp->sp_expire = xatol(s);
 		if (!(s = strchr(s, ':'))) continue;
 
-		*s++ = 0; sp->sp_flag = atol(s);
+		*s++ = 0; sp->sp_flag = xatol(s);
 		*res = sp;
 		break;
 	}
-	fclose(f);
+	pthread_cleanup_pop(1);
 	return rv;
 }