diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2021-12-15 04:00:16 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2021-12-15 04:00:16 +0000 |
| commit | c8552c2995ea07790a077adeb89534b7005969b8 (patch) | |
| tree | f0a9dbb364a0e03200836f1910fd533ad03777ad /usr.sbin | |
| parent | 346435ba1b1d5535cb3aa172f71e8471b89851d4 (diff) | |
PATH_MAX+1 rarely makes sense, and abort if this happens in the imsg.
ok jmatthew millert
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/ldapd/ldapd.c | 6 | ||||
| -rw-r--r-- | usr.sbin/ldapd/ldapd.h | 4 | ||||
| -rw-r--r-- | usr.sbin/ldapd/ldape.c | 6 |
3 files changed, 8 insertions, 8 deletions
diff --git a/usr.sbin/ldapd/ldapd.c b/usr.sbin/ldapd/ldapd.c index eb3ff811e34..0bb6a59b674 100644 --- a/usr.sbin/ldapd/ldapd.c +++ b/usr.sbin/ldapd/ldapd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldapd.c,v 1.29 2021/07/14 13:33:57 kn Exp $ */ +/* $OpenBSD: ldapd.c,v 1.30 2021/12/15 04:00:15 deraadt Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -381,8 +381,8 @@ ldapd_open_request(struct imsgev *iev, struct imsg *imsg) if (imsg->hdr.len != sizeof(*oreq) + IMSG_HEADER_SIZE) fatal("invalid size of open request"); - /* make sure path is null-terminated */ - oreq->path[PATH_MAX] = '\0'; + if (oreq->path[PATH_MAX-1] != '\0') + fatal("bogus path"); if (strncmp(oreq->path, datadir, strlen(datadir)) != 0) { log_warnx("refusing to open file %s", oreq->path); diff --git a/usr.sbin/ldapd/ldapd.h b/usr.sbin/ldapd/ldapd.h index 0f9988d7fac..39ed38d6aa8 100644 --- a/usr.sbin/ldapd/ldapd.h +++ b/usr.sbin/ldapd/ldapd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ldapd.h,v 1.35 2021/04/20 21:11:56 dv Exp $ */ +/* $OpenBSD: ldapd.h,v 1.36 2021/12/15 04:00:15 deraadt Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -283,7 +283,7 @@ struct auth_res }; struct open_req { - char path[PATH_MAX+1]; + char path[PATH_MAX]; unsigned int rdonly; }; diff --git a/usr.sbin/ldapd/ldape.c b/usr.sbin/ldapd/ldape.c index 4a716b9f9b0..6a6c8f1c0f3 100644 --- a/usr.sbin/ldapd/ldape.c +++ b/usr.sbin/ldapd/ldape.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldape.c,v 1.34 2021/04/20 21:11:56 dv Exp $ */ +/* $OpenBSD: ldape.c,v 1.35 2021/12/15 04:00:15 deraadt Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -545,8 +545,8 @@ ldape_open_result(struct imsg *imsg) if (imsg->hdr.len != sizeof(*oreq) + IMSG_HEADER_SIZE) fatal("invalid size of open result"); - /* make sure path is null-terminated */ - oreq->path[PATH_MAX] = '\0'; + if (oreq->path[PATH_MAX-1] != '\0') + fatal("bogus path"); log_debug("open(%s) returned fd %d", oreq->path, imsg->fd); |