Subject: bin/24320: "identd -r" reports non-random data when getpwuid() fails
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <apb@cequrux.com>
List: netbsd-bugs
Date: 02/05/2004 10:10:56
>Number: 24320
>Category: bin
>Synopsis: "identd -r" reports non-random data when getpwuid() fails
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Feb 05 08:12:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Alan Barrett
>Release: NetBSD 1.6ZI
>Organization:
Not much
>Environment:
src/libexec/identd revision 1.21
>Description:
If the new identd finds that getpwuid() fails, then it immediately sends
a response that includes the numeric uid. This is not appropriate when
the "-r" (random) option is in effect; what it should do is send a
random response, as usual, but use the numeric uid instead of the user
name in log messages.
>How-To-Repeat:
Code inspection.
>Fix:
Apply the appended patch, which also improves some log messages.
Index: src/libexec/identd/identd.c
--- identd.c 31 Jan 2004 22:03:31 -0000 1.21
+++ identd.c 4 Feb 2004 09:00:35 -0000
@@ -263,8 +263,8 @@
const char *user, int timeout)
{
struct sockaddr_storage ss[2];
- char userbuf[LOGIN_NAME_MAX];
- char idbuf[LOGIN_NAME_MAX];
+ char userbuf[LOGIN_NAME_MAX]; /* actual user name (or numeric uid) */
+ char idbuf[LOGIN_NAME_MAX]; /* name to be used in response */
char buf[BUFSIZ], *p;
int n, lport, fport;
struct passwd *pw;
@@ -368,21 +368,20 @@
return 1;
}
- /* Get username with the uid */
+ /* Fill in userbuf with user name if possible, else numeric uid */
if ((pw = getpwuid(uid)) == NULL) {
if (lflag)
syslog(LOG_ERR, "Couldn't map uid (%u) to name", uid);
- (void)snprintf(idbuf, sizeof(idbuf), "%u", uid);
- idparse(fd, lport, fport, charset, osname, idbuf);
- return 0;
+ (void)snprintf(userbuf, sizeof(userbuf), "%u", uid);
+ } else {
+ if (lflag)
+ syslog(LOG_INFO, "Successfull lookup: %d, %d: %s for %s",
+ lport, fport, pw->pw_name, gethost(&ss[0]));
+ (void)strlcpy(userbuf, pw->pw_name, sizeof(userbuf));
}
- if (lflag)
- syslog(LOG_INFO, "Successfull lookup: %d, %d: %s for %s",
- lport, fport, pw->pw_name, gethost(&ss[0]));
-
/* No ident enabled? */
- if (Nflag && check_noident(pw->pw_dir)) {
+ if (Nflag && pw && check_noident(pw->pw_dir)) {
if (lflag)
syslog(LOG_NOTICE, "Returning HIDDEN-USER for user %s"
" to %s", pw->pw_name, gethost(&ss[0]));
@@ -391,17 +390,20 @@
}
/* User ident enabled ? */
- if (iflag && check_userident(pw->pw_dir, idbuf, sizeof(idbuf))) {
- (void)strlcpy(userbuf, pw->pw_name, sizeof(userbuf));
+ if (iflag && pw && check_userident(pw->pw_dir, idbuf, sizeof(idbuf))) {
if (!Iflag) {
- if (strspn(idbuf, "0123456789") &&
+ if ((strspn(idbuf, "0123456789") &&
getpwuid(atoi(idbuf)) != NULL)
+ || (getpwnam(idbuf) != NULL)) {
+ if (lflag)
+ syslog(LOG_NOTICE,
+ "Ignoring user-specified '%s' for "
+ "user %s", idbuf, userbuf);
(void)strlcpy(idbuf, userbuf, sizeof(idbuf));
- else if (getpwnam(idbuf) != NULL)
- (void)strlcpy(idbuf, userbuf, sizeof(idbuf));
+ }
}
if (lflag)
- syslog(LOG_NOTICE, "Returning user specified '%s' for "
+ syslog(LOG_NOTICE, "Returning user-specified '%s' for "
"user %s to %s", idbuf, userbuf, gethost(&ss[0]));
idparse(fd, lport, fport, charset, osname, idbuf);
return 0;
@@ -418,7 +420,7 @@
if (lflag)
syslog(LOG_NOTICE, "Returning random '%s' for user %s"
- " to %s", idbuf, pw->pw_name, gethost(&ss[0]));
+ " to %s", idbuf, userbuf, gethost(&ss[0]));
idparse(fd, lport, fport, charset, osname, idbuf);
return 0;
}
@@ -427,7 +429,7 @@
if (nflag)
(void)snprintf(idbuf, sizeof(idbuf), "%u", uid);
else
- (void)strlcpy(idbuf, pw->pw_name, sizeof(idbuf));
+ (void)strlcpy(idbuf, userbuf, sizeof(idbuf));
if (Fflag) {
/* RFC 1413 says that 512 is the limit */
>Release-Note:
>Audit-Trail:
>Unformatted: