From e0d3ba69340f9257501681ec516d75f5c5562e6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Thu, 26 Jan 2023 20:58:24 +0100 Subject: [PATCH] commonio: check for path truncations Bail out if the paths generated for the backup and replacement database are truncated. --- lib/commonio.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c index 24c472bc..c6459a2e 100644 --- a/lib/commonio.c +++ b/lib/commonio.c @@ -900,7 +900,7 @@ static int write_all (const struct commonio_db *db) int commonio_close (struct commonio_db *db) { char buf[1024]; - int errors = 0; + int errors = 0, r; struct stat sb; if (!db->isopen) { @@ -932,7 +932,12 @@ int commonio_close (struct commonio_db *db) /* * Create backup file. */ - snprintf (buf, sizeof buf, "%s-", db->filename); + r = snprintf (buf, sizeof buf, "%s-", db->filename); + if (r < 0 || (size_t)r >= sizeof buf) { + (void) fclose (db->fp); + db->fp = NULL; + goto fail; + } #ifdef WITH_SELINUX if (set_selinux_file_context (db->filename, S_IFREG) != 0) { @@ -947,15 +952,15 @@ int commonio_close (struct commonio_db *db) errors++; } + db->fp = NULL; + #ifdef WITH_SELINUX if (reset_selinux_file_context () != 0) { errors++; } #endif - if (errors != 0) { - db->fp = NULL; + if (errors != 0) goto fail; - } } else { /* * Default permissions for new [g]shadow files. @@ -965,7 +970,9 @@ int commonio_close (struct commonio_db *db) sb.st_gid = db->st_gid; } - snprintf (buf, sizeof buf, "%s+", db->filename); + r = snprintf (buf, sizeof buf, "%s+", db->filename); + if (r < 0 || (size_t)r >= sizeof buf) + goto fail; #ifdef WITH_SELINUX if (set_selinux_file_context (db->filename, S_IFREG) != 0) {