]> andersk Git - nss_nonlocal.git/blobdiff - nonlocal-group.c
andersk / nss_nonlocal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Disallow numeric nonlocal user/group names that look like local uid/gids.
[nss_nonlocal.git] / nonlocal-group.c
diff --git a/nonlocal-group.c b/nonlocal-group.c
index af422dda72b4030bcaf0fb69ec7cdb80d06802de..074fc4e3703f356b8978120bdeada04e594c776c 100644 (file)
--- a/nonlocal-group.c
+++ b/nonlocal-group.c
@@ -129,6 +129,19 @@ check_nonlocal_gid(const char *user, gid_t gid, int *errnop)
 enum nss_status
 check_nonlocal_group(const char *user, struct group *grp, int *errnop)
 {
+    enum nss_status status = NSS_STATUS_SUCCESS;
+    int old_errno = errno;
+    char *end;
+    unsigned long gid;
+
+    errno = 0;
+    gid = strtoul(grp->gr_name, &end, 10);
+    if (errno == 0 && *end == '\0' && (gid_t)gid == gid)
+       status = check_nonlocal_gid(user, gid, errnop);
+    errno = old_errno;
+    if (status != NSS_STATUS_SUCCESS)
+       return status;
+
     return check_nonlocal_gid(user, grp->gr_gid, errnop);
 }
 
nss_nonlocal, an nsswitch proxy module to prevent local account spoofing
This page took 0.181216 seconds and 4 git commands to generate.