authorLaurent Bercot <ska-skaware@skarnet.org>2026-06-21 21:07:50 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2026-06-21 21:07:50 +0000
commit9ec7fa5fdae099ff8a11e24cf40ee603403991e1 (patch)
tree51a2b26361742a3edc30310e600cc00de0e172c2
parent0266369bb890f16bfd19c4036bc69aa261c0623e (diff)
downloadnsss-9ec7fa5fdae099ff8a11e24cf40ee603403991e1.tar.gz
Fix hardening of string reading from nsssd-switch
-rw-r--r--AUTHORS1
-rw-r--r--src/libnsss/nsss_switch_grp_read.c6
-rw-r--r--src/libnsss/nsss_switch_pwd_read.c10
-rw-r--r--src/libnsss/nsss_switch_shadow_read.c4
4 files changed, 11 insertions, 10 deletions
diff --git a/AUTHORS b/AUTHORS
index 26ef925..de17191 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -9,3 +9,4 @@ Contributors:
Thanks to:
A. Wilcox <AWilcox@Wilcox-Tech.com>
Elizabeth Meyers <elizabeth@interlinked.me>
+ Wolf480pl <wolf480@interia.pl>
diff --git a/src/libnsss/nsss_switch_grp_read.c b/src/libnsss/nsss_switch_grp_read.c
index 47577f0..2fb34bc 100644
--- a/src/libnsss/nsss_switch_grp_read.c
+++ b/src/libnsss/nsss_switch_grp_read.c
@@ -43,13 +43,13 @@ int nsss_switch_grp_read (buffer *b, struct group *gr, stralloc *sa, genalloc *g
p = sa->s + sa->len ; len = total ;
q = genalloc_s(char *, ga) + genalloc_len(char *, ga) ;
grtmp.gr_mem = q ;
- grtmp.gr_name = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ grtmp.gr_name = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
if (!len) return (errno = EPROTO, 0) ;
- grtmp.gr_passwd = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ grtmp.gr_passwd = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
for (uint32_t i = 0 ; i < n ; i++)
{
if (!len) return (errno = EPROTO, 0) ;
- q[i] = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ q[i] = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
}
if (len) return (errno = EPROTO, 0) ;
q[n] = 0 ;
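Review bot: The first `strnlen(p, len-1)` on the gr_name line runs right after `len = total` with no zero check visible in the hunk, so if `total` can be 0 the subtraction wraps (assuming `len` is an unsigned size) and the scan is effectively unbounded. The gr_passwd and member reads are each preceded by `if (!len) return (errno = EPROTO, 0) ;`, but the first field is not. Whether a zero `total` is rejected is decided above line 43, outside this hunk; if it is not, add the same `if (!len) return (errno = EPROTO, 0) ;` before the gr_name line. The first reads in nsss_switch_pwd_read and nsss_switch_shadow_read have the same shape, and there the `sa->s[sa->len + total - 1]` check would itself read the byte before the newly received region for a zero `total`.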
diff --git a/src/libnsss/nsss_switch_pwd_read.c b/src/libnsss/nsss_switch_pwd_read.c
index 4cfb9c5..8ce9232 100644
--- a/src/libnsss/nsss_switch_pwd_read.c
+++ b/src/libnsss/nsss_switch_pwd_read.c
@@ -38,15 +38,15 @@ int nsss_switch_pwd_read (buffer *b, struct passwd *pw, stralloc *sa, tain const
if (!buffer_timed_get(b, sa->s + sa->len, total, deadline, stamp)) return 0 ;
if (sa->s[sa->len + total - 1]) return (errno = EPROTO, 0) ;
p = sa->s + sa->len ; len = total ;
- pwtmp.pw_name = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ pwtmp.pw_name = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
if (!len) return (errno = EPROTO, 0) ;
- pwtmp.pw_passwd = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ pwtmp.pw_passwd = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
if (!len) return (errno = EPROTO, 0) ;
- pwtmp.pw_gecos = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ pwtmp.pw_gecos = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
if (!len) return (errno = EPROTO, 0) ;
- pwtmp.pw_dir = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ pwtmp.pw_dir = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
if (!len) return (errno = EPROTO, 0) ;
- pwtmp.pw_shell = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ pwtmp.pw_shell = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
if (len) return (errno = EPROTO, 0) ;
sa->len += total ;
*pw = pwtmp ;
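Review bot: Nothing in the five field reads records why `len-1` is the right bound, so a later edit could easily "correct" it back to `len` as a presumed off-by-one. I would add one comment above the pw_name line, for example `/* len >= 1 at every strnlen: bounding by len-1 keeps x <= len even if the server omitted a terminator */`. The body of nsss_switch_pwd_read starts above the hunk, so the guarantee that `total` is non-zero is presumed here rather than visible.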
diff --git a/src/libnsss/nsss_switch_shadow_read.c b/src/libnsss/nsss_switch_shadow_read.c
index 7d4c2a4..2bb4b7a 100644
--- a/src/libnsss/nsss_switch_shadow_read.c
+++ b/src/libnsss/nsss_switch_shadow_read.c
@@ -47,9 +47,9 @@ int nsss_switch_shadow_read (buffer *b, struct spwd *sp, stralloc *sa, tain cons
if (!buffer_timed_get(b, sa->s + sa->len, total, deadline, stamp)) return 0 ;
if (sa->s[sa->len + total - 1]) return (errno = EPROTO, 0) ;
p = sa->s + sa->len ; len = total ;
- sptmp.sp_namp = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ sptmp.sp_namp = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
if (!len) return (errno = EPROTO, 0) ;
- sptmp.sp_pwdp = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ;
+ sptmp.sp_pwdp = p ; x = strnlen(p, len-1) + 1 ; p += x ; len -= x ;
if (len) return (errno = EPROTO, 0) ;
sa->len += total ;
*sp = sptmp ;