oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use asprintf to avoid truncating pathnames

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14856 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-04-19 18:59:46 +00:00
parent e441948975
commit dd3ec19f74
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/krb5/kuserok.c
View File

@@ -140,7 +140,7 @@ krb5_kuserok (krb5_context context,
krb5_principal principal, krb5_principal principal,
const char *luser) const char *luser)
{ {
char buf[BUFSIZ]; char *buf;
struct passwd *pwd; struct passwd *pwd;
krb5_error_code ret; krb5_error_code ret;
krb5_boolean result = FALSE; krb5_boolean result = FALSE;
@@ -158,21 +158,23 @@ krb5_kuserok (krb5_context context,
return FALSE; return FALSE;
/* check user's ~/.k5login */ /* check user's ~/.k5login */
snprintf (buf, sizeof(buf), "%s/.k5login", pwd->pw_dir); if (asprintf (&buf, "%s/.k5login", pwd->pw_dir) == -1)
return FALSE;
ret = check_one_file(context, buf, pwd, principal, &result); ret = check_one_file(context, buf, pwd, principal, &result);
/* but if it doesn't exist, allow all principals /* but if it doesn't exist, allow all principals
matching <localuser>@<LOCALREALM> */ matching <localuser>@<LOCALREALM> */
if(ret == ENOENT) if(ret == ENOENT) {
free(buf);
return match_local_principals(context, principal, luser); return match_local_principals(context, principal, luser);
}
#if notyet #if notyet
/* on the other hand, if it's a directory, check all files /* on the other hand, if it's a directory, check all files
contained therein */ contained therein */
if (ret == EISDIR) { if (ret == EISDIR) {
DIR *d = opendir(buf); DIR *d = opendir(buf);
struct dirent *dent; struct dirent *dent;
char buf2[BUFSIZ]; char *buf2;
if(d == NULL) if(d == NULL)
return FALSE; return FALSE;
@@ -180,14 +182,17 @@ krb5_kuserok (krb5_context context,
if(strcmp(dent->d_name, ".") == 0 || if(strcmp(dent->d_name, ".") == 0 ||
strcmp(dent->d_name, "..") == 0) strcmp(dent->d_name, "..") == 0)
continue; continue;
snprintf(buf2, sizeof(buf2), "%s/%s", buf, dent->d_name); if (asprintf(&buf2, "%s/%s", buf, dent->d_name) == -1)
break;
ret = check_one_file(context, buf2, pwd, principal, &result); ret = check_one_file(context, buf2, pwd, principal, &result);
free(buf2);
if(ret == 0 && result == TRUE) if(ret == 0 && result == TRUE)
break; break;
} }
closedir(d); closedir(d);
} }
#endif #endif
free(buf);
if (ret) if (ret)
return FALSE; return FALSE;
return result; return result;