Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 16 May 2019 10:03:42 +0200
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Cc: rtweed@...ughtmachine.net, chen jie <chenjie6@...wei.com>
Subject: Re: [PATCH] musl: bugfix getspnam_r negative

* chenjie6@...wei.com <chenjie6@...wei.com> [2019-05-16 02:31:04 +0000]:
> From: chen jie <chenjie6@...wei.com>
> 
> The /etc/shadow contain:
> sshd:*:11880:0:90:7:-1:-1:0

note that it is not documented what -1 day means here.
http://man7.org/linux/man-pages/man5/shadow.5.html

glibc uses -1 internally to mark empty fields and parses
the field as signed int, so it happens to work, but you
may want to fix your /etc/shadow to match the specs.

> the *s can not ++; __parsespent will not keep going down
> 
> Signed-off-by: jie chen<chenjie6@...wei.com>
> ---
>  src/passwd/getspnam_r.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/src/passwd/getspnam_r.c b/src/passwd/getspnam_r.c
> index 541e8531..1cb55bcd 100644
> --- a/src/passwd/getspnam_r.c
> +++ b/src/passwd/getspnam_r.c
> @@ -15,8 +15,16 @@
>  static long xatol(char **s)
>  {
>  	long x;
> +	int sign;
> +
>  	if (**s == ':' || **s == '\n') return -1;
> +
> +	sign = (int)(unsigned char)**s;
> +	if (sign == '-' || sign == '+') ++*s;
> +
>  	for (x=0; **s-'0'<10U; ++*s) x=10*x+(**s-'0');
> +
> +	if (sign == '-') return -x;
>  	return x;
>  }
>  
> -- 
> 2.18.GIT

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.