Project

General

Profile

Actions

Bug #16540

open

libnsl str2userattr() mishandles string from backend

Added by Joshua M. Clulow 19 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
lib - userland libraries
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
External Bug:

Description

The name service switch backend API allows backends to provide a string buffer and a length to the str2ent function provided to transform string format records into objects. Unfortunately the user_attr database routine, str2userattr(), then performs an uncritical strncpy() using the wrong length.

The NSS API is not (yet!) Committed or even documented, and it would appear that all of the in-gate backends provide a string which just happens to be correctly null-terminated, so there is no impact here unless you're developing a new backend.

No data to display

Actions

Also available in: Atom PDF