mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

auth:creds: Add sanity check for env variables

CID 710829

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider 2021-04-27 16:11:48 +02:00 committed by Andrew Bartlett
parent 5dd3a0cc17
commit f7ff694cdd


@ -1157,36 +1157,63 @@ _PUBLIC_ bool cli_credentials_set_conf(struct cli_credentials *cred,
_PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
char *p;
const char *error_string;
const char *env = NULL;
if (lp_ctx != NULL) {
cli_credentials_set_conf(cred, lp_ctx);
}
if (getenv("LOGNAME")) {
cli_credentials_set_username(cred, getenv("LOGNAME"), CRED_GUESS_ENV);
}
env = getenv("LOGNAME");
if (env != NULL) {
size_t len = strlen(env);
if (getenv("USER")) {
cli_credentials_parse_string(cred, getenv("USER"), CRED_GUESS_ENV);
if ((p = strchr_m(getenv("USER"),'%'))) {
memset(p,0,strlen(cred->password));
if (len > 0 && len <= 1024) {
cli_credentials_set_username(cred, env, CRED_GUESS_ENV);
}
}
if (getenv("PASSWD")) {
cli_credentials_set_password(cred, getenv("PASSWD"), CRED_GUESS_ENV);
env = getenv("USER");
if (env != NULL) {
size_t len = strlen(env);
if (len > 0 && len <= 1024) {
char *p = NULL;
cli_credentials_parse_string(cred, env, CRED_GUESS_ENV);
if ((p = strchr_m(env, '%'))) {
memset(p, '\0', strlen(cred->password));
}
}
}
if (getenv("PASSWD_FD")) {
cli_credentials_parse_password_fd(cred, atoi(getenv("PASSWD_FD")),
CRED_GUESS_FILE);
env = getenv("PASSWD");
if (env != NULL) {
size_t len = strlen(env);
if (len > 0 && len <= 1024) {
cli_credentials_set_password(cred, env, CRED_GUESS_ENV);
}
}
p = getenv("PASSWD_FILE");
if (p && p[0]) {
cli_credentials_parse_password_file(cred, p, CRED_GUESS_FILE);
env = getenv("PASSWD");
if (env != NULL) {
size_t len = strlen(env);
if (len > 0 && len <= 1024) {
int fd = atoi(env);
cli_credentials_parse_password_fd(cred, fd, CRED_GUESS_FILE);
}
}
env = getenv("PASSWD_FILE");
if (env != NULL) {
size_t len = strlen(env);
if (len > 0 && len <= 4096) {
cli_credentials_parse_password_file(cred, env, CRED_GUESS_FILE);
}
}
if (lp_ctx != NULL &&