From: millert Date: Sun, 28 Jul 2024 19:13:26 +0000 (+0000) Subject: pwd_mkdb: limit db entries to _PW_BUF_LEN to match libc X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=a63a57f89692a86cb0e0973483b9f8f8a9206f7a;p=openbsd pwd_mkdb: limit db entries to _PW_BUF_LEN to match libc Otherwise, it is possible to create a passwd(5) entry that is too large for getpwent(3), which ignores database entries larger than _PW_BUF_LEN. This adds a check in db_store() so that we do not store an entry larger than getpwent(3) can read. Callers of pwd_mkdb(8), typically via pw_mkdb(3), already check for failure. In most cases, the checks in chpass(1) will prevent a user from creating an entry that is too large by changing their gecos field. However, it is only when storing the db record that we know the true size. OK deraadt@ --- diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c index 14a0187eda1..30716fe1f0c 100644 --- a/usr.sbin/pwd_mkdb/pwd_mkdb.c +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pwd_mkdb.c,v 1.61 2023/04/19 12:58:16 jsg Exp $ */ +/* $OpenBSD: pwd_mkdb.c,v 1.62 2024/07/28 19:13:26 millert Exp $ */ /*- * Copyright (c) 1991, 1993, 1994 @@ -608,6 +608,10 @@ db_store(FILE *fp, FILE *oldfp, DB *edp, DB *dp, struct passwd *pw, p += sizeof(int); data.size = p - buf; + /* getpwent() does not support entries > _PW_BUF_LEN. */ + if (data.size > _PW_BUF_LEN) + fatalx("%s: entry too large", pw->pw_name); + /* Write the secure record. */ if ((edp->put)(edp, &key, &data, dbmode) == -1) fatal("put");