constrain & expansion to LINE_MAX for safety

1 files changed, 18 insertions, 5 deletions

diff --git a/usr.bin/chpass/pw_yp.c b/usr.bin/chpass/pw_yp.c
index df0f45f4b1b..c77c82502e7 100644
--- a/usr.bin/chpass/pw_yp.c
+++ b/usr.bin/chpass/pw_yp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pw_yp.c,v 1.4 1996/08/31 01:55:33 deraadt Exp $	*/
+/*	$OpenBSD: pw_yp.c,v 1.5 1996/08/31 13:50:19 deraadt Exp $	*/
 /*	$NetBSD: pw_yp.c,v 1.5 1995/03/26 04:55:33 glass Exp $	*/
 
 /*
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)pw_yp.c	1.0 2/2/93";
 #else
-static char rcsid[] = "$OpenBSD: pw_yp.c,v 1.4 1996/08/31 01:55:33 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: pw_yp.c,v 1.5 1996/08/31 13:50:19 deraadt Exp $";
 #endif
 #endif /* not lint */
 
@@ -65,8 +65,9 @@ pw_yp(pw, uid)
 	uid_t uid;
 {
 	char *master;
-	char *pp;
-	int r, rpcport, status;
+	char *pp, *p;
+	char buf[10];
+	int r, rpcport, status, alen;
 	struct yppasswd yppasswd;
 	struct timeval tv;
 	CLIENT *client;
@@ -123,6 +124,18 @@ pw_yp(pw, uid)
 		return(0);
 	}
 	
+	for (alen = 0, p = pw->pw_gecos; *p; p++)
+		if (*p == '&')
+			alen = alen + strlen(pw->pw_name) - 1;
+	if (strlen(pw->pw_name) + 1 + strlen(pw->pw_passwd) + 1 +
+	    strlen((sprintf(buf, "%d", pw->pw_uid), buf)) + 1 +
+	    strlen((sprintf(buf, "%d", pw->pw_gid), buf)) + 1 +
+	    strlen(pw->pw_gecos) + alen + 1 + strlen(pw->pw_dir) + 1 +
+	    strlen(pw->pw_shell) >= 1023) {
+		warnx("entries too long");
+		return (0);
+	}
+
 	/* tell rpc.yppasswdd */
 	yppasswd.newpw.pw_name	= pw->pw_name;
 	yppasswd.newpw.pw_passwd= pw->pw_passwd;
@@ -131,7 +144,7 @@ pw_yp(pw, uid)
 	yppasswd.newpw.pw_gecos = pw->pw_gecos;
 	yppasswd.newpw.pw_dir	= pw->pw_dir;
 	yppasswd.newpw.pw_shell	= pw->pw_shell;
-	
+
 	client = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
 	if (client==NULL) {
 		fprintf(stderr, "can't contact yppasswdd on %s: Reason: %s\n",