constrain & expansion to LINE_MAX for safety

diff --git a/libexec/rpc.yppasswdd/yppasswdd_mkpw.c b/libexec/rpc.yppasswdd/yppasswdd_mkpw.c
index 8f3f62f..08ba145 100644 (file)
--- a/libexec/rpc.yppasswdd/yppasswdd_mkpw.c
+++ b/libexec/rpc.yppasswdd/yppasswdd_mkpw.c
@@ -30,7 +30,7 @@
  */
 
 #ifndef LINT
-static char rcsid[] = "$Id: yppasswdd_mkpw.c,v 1.7 1996/08/30 15:10:02 deraadt Exp $";
+static char rcsid[] = "$Id: yppasswdd_mkpw.c,v 1.8 1996/08/31 13:54:13 deraadt Exp $";
 #endif
 
 #include <sys/types.h>
@@ -75,6 +75,8 @@ make_passwd(argp)
 {
        struct passwd *pw;
        int     pfd, tfd;
+       char    buf[10], *p;
+       int     alen;
 
        pw = getpwnam(argp->newpw.pw_name);
        if (!pw)
@@ -90,9 +92,6 @@ make_passwd(argp)
        if (!nogecos && badchars(argp->newpw.pw_shell))
                return (1);
 
-       pw_init();
-       tfd = pw_lock(0);
-
        /*
         * Get the new password.  Reset passwd change time to zero; when
         * classes are implemented, go and get the "offset" value for this
@@ -107,6 +106,20 @@ make_passwd(argp)
        if (!noshell)
                pw->pw_shell = argp->newpw.pw_shell;
 
+       for (alen = 0, p = pw->pw_gecos; *p; p++)
+               if (*p == '&')
+                       alen = alen + strlen(pw->pw_name) - 1;
+       if (strlen(pw->pw_name) + 1 + strlen(pw->pw_passwd) + 1 +
+           strlen((sprintf(buf, "%d", pw->pw_uid), buf)) + 1 +
+           strlen((sprintf(buf, "%d", pw->pw_gid), buf)) + 1 +
+           strlen(pw->pw_gecos) + alen + 1 + strlen(pw->pw_dir) + 1 +
+           strlen(pw->pw_shell) >= 1023) {
+               return (1);
+       }
+
+       pw_init();
+       tfd = pw_lock(0);
+
        pw_copy(pfd, tfd, pw);
        pw_mkdb();
 

diff --git a/usr.bin/chpass/pw_yp.c b/usr.bin/chpass/pw_yp.c
index df0f45f..c77c825 100644 (file)
--- a/usr.bin/chpass/pw_yp.c
+++ b/usr.bin/chpass/pw_yp.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pw_yp.c,v 1.4 1996/08/31 01:55:33 deraadt Exp $       */
+/*     $OpenBSD: pw_yp.c,v 1.5 1996/08/31 13:50:19 deraadt Exp $       */
 /*     $NetBSD: pw_yp.c,v 1.5 1995/03/26 04:55:33 glass Exp $  */
 
 /*
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)pw_yp.c    1.0 2/2/93";
 #else
-static char rcsid[] = "$OpenBSD: pw_yp.c,v 1.4 1996/08/31 01:55:33 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: pw_yp.c,v 1.5 1996/08/31 13:50:19 deraadt Exp $";
 #endif
 #endif /* not lint */
 
@@ -65,8 +65,9 @@ pw_yp(pw, uid)
        uid_t uid;
 {
        char *master;
-       char *pp;
-       int r, rpcport, status;
+       char *pp, *p;
+       char buf[10];
+       int r, rpcport, status, alen;
        struct yppasswd yppasswd;
        struct timeval tv;
        CLIENT *client;
@@ -123,6 +124,18 @@ pw_yp(pw, uid)
                return(0);
        }
        
+       for (alen = 0, p = pw->pw_gecos; *p; p++)
+               if (*p == '&')
+                       alen = alen + strlen(pw->pw_name) - 1;
+       if (strlen(pw->pw_name) + 1 + strlen(pw->pw_passwd) + 1 +
+           strlen((sprintf(buf, "%d", pw->pw_uid), buf)) + 1 +
+           strlen((sprintf(buf, "%d", pw->pw_gid), buf)) + 1 +
+           strlen(pw->pw_gecos) + alen + 1 + strlen(pw->pw_dir) + 1 +
+           strlen(pw->pw_shell) >= 1023) {
+               warnx("entries too long");
+               return (0);
+       }
+
        /* tell rpc.yppasswdd */
        yppasswd.newpw.pw_name  = pw->pw_name;
        yppasswd.newpw.pw_passwd= pw->pw_passwd;
@@ -131,7 +144,7 @@ pw_yp(pw, uid)
        yppasswd.newpw.pw_gecos = pw->pw_gecos;
        yppasswd.newpw.pw_dir   = pw->pw_dir;
        yppasswd.newpw.pw_shell = pw->pw_shell;
-       
+
        client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
        if (client==NULL) {
                fprintf(stderr, "can't contact yppasswdd on %s: Reason: %s\n",