]> ruderich.org/simon Gitweb - nsscash/nsscash.git/blobdiff - passwd.go
ruderich.org/simon / nsscash / nsscash.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Check size limits and abort if they are violated
[nsscash/nsscash.git] / passwd.go
diff --git a/passwd.go b/passwd.go
index 54da63b3f30252f65e5c1717318b683686a037c1..c9f4409c2bbb013f99631d251389f2e8d2e85de9 100644 (file)
--- a/passwd.go
+++ b/passwd.go
@@ -23,6 +23,7 @@ import (
        "encoding/binary"
        "fmt"
        "io"
+       "math"
        "sort"
        "strconv"
        "strings"
@@ -103,6 +104,11 @@ func SerializePasswd(p Passwd) ([]byte, error) {
        offShell := uint16(data.Len())
        data.Write([]byte(p.Shell))
        data.WriteByte(0)
+       // Ensure the offsets can fit the length of this entry
+       if data.Len() > math.MaxUint16 {
+               return nil, fmt.Errorf("passwd too large to serialize: %v, %v",
+                       data.Len(), p)
+       }
        size := uint16(data.Len())
 
        var res bytes.Buffer // serialized result
File-based cache for NSS as simple replacement for LDAP or NIS