Memory overflow caused by 'basedir regex', bug #567

[netatalk.git] / libatalk / acl / uuid.c

diff --git a/libatalk/acl/uuid.c b/libatalk/acl/uuid.c
index 1ab48a7e391d8ed9331290fae89a3aae63dcc5e3..ff58c3dd2202f562f3b757bca7053a85cbfdf4ca 100644 (file)
--- a/libatalk/acl/uuid.c
+++ b/libatalk/acl/uuid.c
@@ -24,6 +24,7 @@
 #include <sys/types.h>
 #include <pwd.h>
 #include <grp.h>
+#include <arpa/inet.h>
 
 #include <atalk/logger.h>
 #include <atalk/afp.h>
@@ -72,7 +73,7 @@ void localuuid_from_id(unsigned char *buf, uuidtype_t type, unsigned int id)
  * convert ascii string that can include dashes to binary uuid.
  * caller must provide a buffer.
  */
-void uuid_string2bin( const char *uuidstring, uuidp_t uuid) {
+void uuid_string2bin( const char *uuidstring, unsigned char *uuid) {
     int nibble = 1;
     int i = 0;
     unsigned char c, val = 0;
@@ -106,7 +107,7 @@ void uuid_string2bin( const char *uuidstring, uuidp_t uuid) {
  * Use defined or default ascii mask for dash placement
  * Returns pointer to static buffer.
  */
-const char *uuid_bin2string(unsigned char *uuid) {
+const char *uuid_bin2string(const unsigned char *uuid) {
     static char uuidstring[64];
     const char *uuidmask;
     int i = 0;
@@ -143,7 +144,7 @@ const char *uuid_bin2string(unsigned char *uuid) {
  *   uuid: pointer to uuid_t storage that the caller must provide
  * returns 0 on success !=0 on errror
  */
-int getuuidfromname( const char *name, uuidtype_t type, uuidp_t uuid) {
+int getuuidfromname( const char *name, uuidtype_t type, unsigned char *uuid) {
     int ret = 0;
     uuidtype_t mytype = type;
     char nulluuid[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0};
@@ -208,7 +209,6 @@ int getuuidfromname( const char *name, uuidtype_t type, uuidp_t uuid) {
         add_cachebyname(name, uuid, mytype, 0);
     }
 
-cleanup:
 #ifdef HAVE_LDAP
     if (uuid_string) free(uuid_string);
 #endif
@@ -228,6 +228,7 @@ int getnamefromuuid(const uuidp_t uuidp, char **name, uuidtype_t *type) {
     int ret;
     uid_t uid;
     gid_t gid;
+    uint32_t tmp;
     struct passwd *pwd;
     struct group *grp;
 
@@ -249,9 +250,11 @@ int getnamefromuuid(const uuidp_t uuidp, char **name, uuidtype_t *type) {
     /* Check if UUID is a client local one */
     if (memcmp(uuidp, local_user_uuid, 12) == 0) {
         *type = UUID_USER;
-        uid = ntohl(*(uint32_t *)(uuidp + 12));
+        memcpy(&tmp, uuidp + 12, sizeof(uint32_t));
+        uid = ntohl(tmp);
         if ((pwd = getpwuid(uid)) == NULL) {
             /* not found, add negative entry to cache */
+            *name = NULL;
             add_cachebyuuid(uuidp, "UUID_ENOENT", UUID_ENOENT, 0);
             ret = -1;
         } else {
@@ -261,11 +264,12 @@ int getnamefromuuid(const uuidp_t uuidp, char **name, uuidtype_t *type) {
         }
         LOG(log_debug, logtype_afpd,
             "getnamefromuuid{local}: UUID: %s -> name: %s, type:%s",
-            uuid_bin2string(uuidp), *name, uuidtype[(*type) & UUIDTYPESTR_MASK]);
+            uuid_bin2string(uuidp), *name ? *name : "-", uuidtype[(*type) & UUIDTYPESTR_MASK]);
         return ret;
     } else if (memcmp(uuidp, local_group_uuid, 12) == 0) {
         *type = UUID_GROUP;
-        gid = ntohl(*(uint32_t *)(uuidp + 12));
+        memcpy(&tmp, uuidp + 12, sizeof(uint32_t));
+        gid = ntohl(tmp);
         if ((grp = getgrgid(gid)) == NULL) {
             /* not found, add negative entry to cache */
             add_cachebyuuid(uuidp, "UUID_ENOENT", UUID_ENOENT, 0);