diff options
| author | Jeff Layton <jlayton@samba.org> | 2014-04-20 20:41:05 -0400 |
|---|---|---|
| committer | Jeff Layton <jlayton@samba.org> | 2014-04-20 20:41:08 -0400 |
| commit | 3da4c43b575498be86c87a2ac3f3142e3cab1c59 (patch) | |
| tree | 172aef6b75c84b6894c213c7fc3ba4ff0e208ddc | |
| parent | 0c521d5060035da655107001374e08873ac5dde8 (diff) | |
| download | cifs-utils-3da4c43b575498be86c87a2ac3f3142e3cab1c59.tar.gz cifs-utils-3da4c43b575498be86c87a2ac3f3142e3cab1c59.tar.bz2 cifs-utils-3da4c43b575498be86c87a2ac3f3142e3cab1c59.zip | |
cifscreds: better error handling when key_search fails
If we ended up getting a bogus string that would have overflowed, then
make key_search set errno to EINVAL before returning. The callers can
then test to see if the returned error is what was expected or something
else and handle it appropriately.
Cc: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>
| -rw-r--r-- | cifscreds.c | 9 | ||||
| -rw-r--r-- | cifskey.c | 5 | ||||
| -rw-r--r-- | pam_cifscreds.c | 9 |
3 files changed, 22 insertions, 1 deletions
diff --git a/cifscreds.c b/cifscreds.c index fa05dc8..64d55b0 100644 --- a/cifscreds.c +++ b/cifscreds.c @@ -188,6 +188,15 @@ static int cifscreds_add(struct cmdarg *arg) return EXIT_FAILURE; } + switch(errno) { + case ENOKEY: + /* success */ + break; + default: + printf("Key search failed: %s\n", strerror(errno)); + return EXIT_FAILURE; + } + currentaddress = nextaddress; if (currentaddress) { *(currentaddress - 1) = ','; @@ -20,6 +20,7 @@ #include <sys/types.h> #include <keyutils.h> #include <stdio.h> +#include <errno.h> #include "cifskey.h" #include "resolve_host.h" @@ -29,8 +30,10 @@ key_search(const char *addr, char keytype) { char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; - if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) + if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { + errno = EINVAL; return -1; + } return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); } diff --git a/pam_cifscreds.c b/pam_cifscreds.c index e0d8a55..fb23117 100644 --- a/pam_cifscreds.c +++ b/pam_cifscreds.c @@ -206,6 +206,15 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas return PAM_SERVICE_ERR; } + switch(errno) { + case ENOKEY: + break; + default: + pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", + currentaddress, strerror(errno)); + return PAM_SERVICE_ERR; + } + currentaddress = nextaddress; if (currentaddress) { *(currentaddress - 1) = ','; |