summaryrefslogtreecommitdiff
path: root/extra/cifs-utils/0004-cifscreds-better-error-handling-when-key_search-fail.patch
blob: cf57eea7b4163a085239f93f8102679d04e7ac34 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

From 3da4c43b575498be86c87a2ac3f3142e3cab1c59 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@samba.org>
Date: Sun, 20 Apr 2014 20:41:05 -0400
Subject: [PATCH] cifscreds: better error handling when key_search fails

If we ended up getting a bogus string that would have overflowed, then
make key_search set errno to EINVAL before returning. The callers can
then test to see if the returned error is what was expected or something
else and handle it appropriately.

Cc: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>
---
 cifscreds.c     | 9 +++++++++
 cifskey.c       | 5 ++++-
 pam_cifscreds.c | 9 +++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/cifscreds.c b/cifscreds.c
index fa05dc8..64d55b0 100644
--- a/cifscreds.c
+++ b/cifscreds.c
@@ -188,6 +188,15 @@ static int cifscreds_add(struct cmdarg *arg)
 			return EXIT_FAILURE;
 		}
 
+		switch(errno) {
+		case ENOKEY:
+			/* success */
+			break;
+		default:
+			printf("Key search failed: %s\n", strerror(errno));
+			return EXIT_FAILURE;
+		}
+
 		currentaddress = nextaddress;
 		if (currentaddress) {
 			*(currentaddress - 1) = ',';
diff --git a/cifskey.c b/cifskey.c
index e89cacf..4f01ed0 100644
--- a/cifskey.c
+++ b/cifskey.c
@@ -20,6 +20,7 @@
 #include <sys/types.h>
 #include <keyutils.h>
 #include <stdio.h>
+#include <errno.h>
 #include "cifskey.h"
 #include "resolve_host.h"
 
@@ -29,8 +30,10 @@ key_search(const char *addr, char keytype)
 {
 	char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4];
 
-	if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc))
+	if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) {
+		errno = EINVAL;
 		return -1;
+	}
 
 	return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0);
 }
diff --git a/pam_cifscreds.c b/pam_cifscreds.c
index e0d8a55..fb23117 100644
--- a/pam_cifscreds.c
+++ b/pam_cifscreds.c
@@ -206,6 +206,15 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas
 			return PAM_SERVICE_ERR;
 		}
 
+		switch(errno) {
+		case ENOKEY:
+			break;
+		default:
+			pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)",
+					currentaddress, strerror(errno));
+			return PAM_SERVICE_ERR;
+		}
+
 		currentaddress = nextaddress;
 		if (currentaddress) {
 			*(currentaddress - 1) = ',';
-- 
1.8.4.2
generated by cgit v1.2.2 (git 2.25.0) at 2024-05-13 11:08:55 +0000