Bugzilla – Attachment 27033 Details for
Bug 63702
VUL-0: CVE-2004-1079: ncpfs: buffer overflow
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
[patch]
ncpfs-2.2.4-NWDSCreateContextHandleMnt.patch
xxx (text/plain), 5.27 KB, created by
Olaf Hering
on 2004-12-14 19:54:26 UTC
(
hide
)
Description:
ncpfs-2.2.4-NWDSCreateContextHandleMnt.patch
Filename:
MIME Type:
Creator:
Olaf Hering
Created:
2004-12-14 19:54:26 UTC
Size:
5.27 KB
patch
obsolete
>ChangeSet > 1.294 04/11/30 16:42:25 vandrove@vc.cvut.cz +1 -0 > Fix bad buffer overflow in NWDSCreateContextHandleMnt. Plus fix > bogus interpretation of treeName. And split > NWDSCreateContextHandleMnt into two functions, anything taking string > as argument must take context, as string's encoding is defined by > context settings... > > lib/nwclient.c > 1.5 04/11/30 16:42:25 vandrove@vc.cvut.cz +53 -67 > Fix bad buffer overflow in NWDSCreateContextHandleMnt. Plus fix > bogus interpretation of treeName. And split > NWDSCreateContextHandleMnt into two functions, anything taking string > as argument must take context, as string's encoding is defined by > context settings... > >......................................................................... >diff -p -Nru a/lib/nwclient.c b/lib/nwclient.c >--- a/lib/nwclient.c Wed Dec 1 12:52:53 2004 >+++ b/lib/nwclient.c Wed Dec 1 12:52:53 2004 >@@ -358,76 +358,62 @@ static void strcpy_cw(wchar_t *w, const > while ((*w++ = *(const nuint8*)s++) != 0); > } > >-NWDSCCODE NWDSCreateContextHandleMnt(NWDSContextHandle* ctx, const NWDSChar * treeName){ >- >+NWDSCCODE NWDSSetContextHandleTree(NWDSContextHandle ctx, const NWDSChar * treeName) >+{ > #define MAXCONNS 64 >- NWDSCCODE err; >- NWCONN_HANDLE conns[MAXCONNS]; >- >- int curEntries=0; >- NWDS_HANDLE dxh; >- int i; >- union __NWDSAuthInfo * ndai; >- size_t authinfo_len; >- wchar_t wc_treeName[MAX_DN_CHARS+1]; >- >- if (!treeName) >- return ERR_NULL_POINTER; >- >- strcpy_cw (wc_treeName,treeName); >- >- err=NWDSCreateContextHandle (ctx); >- if (err) >- return err; >- >- err= NWCXGetPermConnListByTreeName (conns,MAXCONNS,&curEntries,getuid(),treeName); >- if (err) { >- NWDSFreeContext(*ctx); >- return (err); >- } >-/* printf ("got %d connexion(s) to %s \n",curEntries,treeName);*/ >- dxh=(*ctx)->ds_connection; >- if (! dxh){ /* should not be ???*/ >- NWDSFreeContext(*ctx); >- return EINVAL; >- } >- for (i=0; i <curEntries;i++) { >- NWCONN_HANDLE conn = conns[i]; >- err=NWDSAddConnection (*ctx,conn); >- >- if (err) { >-/* printf ("error adding connection \n");*/ >- NWCCCloseConn(conn); >- continue; >- } >- if (!dxh->authinfo) { >-/* printf ("trying to get authinfo \n");*/ >- err = ncp_get_private_key(conn, NULL, &authinfo_len); >- if (err) >- continue; /* kernel without private key support */ >- if (!authinfo_len) >- continue; /* no private key on this connection */ >- ndai = (union __NWDSAuthInfo*)malloc(authinfo_len); >- if (!ndai) >- continue; /* not enough memory */ >- err = ncp_get_private_key(conn, ndai, &authinfo_len); >- if (err) { >- free(ndai); >- continue; >- } >-/* printf ("got authinfo \n");*/ >- mlock(ndai, authinfo_len); >- dxh->authinfo = ndai; >- if (dxh->dck.tree_name) >- free(dxh->dck.tree_name); >- dxh->dck.tree_name=wcsdup(wc_treeName); >- } >- >- } >- return 0; >- >+ NWDSCCODE err; >+ NWCONN_HANDLE conns[MAXCONNS]; >+ int curEntries; >+ int i; >+ wchar_t treeNameW[MAX_DN_CHARS+1]; >+ char treeNameUTF[MAX_DN_CHARS*4 + 1]; >+ >+ if (!treeName) >+ return ERR_NULL_POINTER; >+ >+ err = NWDSXlateFromCtx(ctx, treeNameW, sizeof(treeNameW), treeName); >+ if (err) >+ return err; >+ err = iconv_wchar_t_to_external(treeNameW, treeNameUTF, sizeof(treeNameUTF)); >+ if (err) >+ return err; >+ err = NWDSSetTreeNameW(ctx, treeNameW); >+ if (err) { >+ return err; >+ } >+ err = NWCXGetPermConnListByTreeName(conns, MAXCONNS, &curEntries, getuid(), treeNameUTF); >+ if (err) { >+ return err; >+ } >+ for (i = 0; i < curEntries; i++) { >+ NWCONN_HANDLE conn = conns[i]; >+ err = NWDSAddConnection(ctx, conn); >+ if (err) { >+ NWCCCloseConn(conn); >+ continue; >+ } >+ } >+ return 0; > } > >+NWDSCCODE NWDSCreateContextHandleMnt(NWDSContextHandle* pctx, const NWDSChar * treeName) >+{ >+ NWDSCCODE err; >+ NWDSContextHandle ctx; >+ >+ if (!pctx) { >+ return ERR_NULL_POINTER; >+ } >+ err = NWDSCreateContextHandle(&ctx); >+ if (err) >+ return err; >+ err = NWDSSetContextHandleTree(ctx, treeName); >+ if (err) >+ NWDSFreeContext(ctx); >+ else >+ *pctx = ctx; >+ return err; >+} > > //#define NOENV 1 <-- testing reading of .nwinfos file > #undef NOENV >diff -p -Nru a/lib/nwnet.c b/lib/nwnet.c >--- a/lib/nwnet.c Wed Dec 1 12:52:53 2004 >+++ b/lib/nwnet.c Wed Dec 1 12:52:53 2004 >@@ -992,6 +992,10 @@ static NWDSCCODE NWDXSetTreeNameW(NWDS_H > return 0; > } > >+NWDSCCODE NWDSSetTreeNameW(NWDSContextHandle ctx, const wchar_t* treename) { >+ return NWDXSetTreeNameW(ctx->ds_connection, treename); >+} >+ > int iconv_external_to_wchar_t(const char* inp, wchar_t* outp, size_t maxl) { > int i; > size_t inl; >diff -p -Nru a/lib/nwnet_i.h b/lib/nwnet_i.h >--- a/lib/nwnet_i.h Wed Dec 1 12:52:53 2004 >+++ b/lib/nwnet_i.h Wed Dec 1 12:52:53 2004 >@@ -416,6 +416,8 @@ NWDSCCODE NWDSXlateFromCtx(NWDSContextHa > NWDSCCODE NWDSXlateToCtx(NWDSContextHandle ctx, void* data, > size_t maxlen, const wchar_t* src, size_t* ln); > >+NWDSCCODE NWDSSetTreeNameW(NWDSContextHandle ctx, const wchar_t* treename); >+ > /************************************************************************ > * * > * NWDS internal server calls * >......................................................................... ># vim: syntax=diff
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=27033">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 63702
:
26776
|
26777
| 27033