Don't let yp_match() or yp_next() operate on null or empty keys: asking

ypserv to do a yp_match() with an a null or empty key causes much havok. (Note that this could be construed as a denial of service attack if used maliciously.)
author: wpaul <wpaul@FreeBSD.org> 1995-03-23 22:23:15 +0000
committer: wpaul <wpaul@FreeBSD.org> 1995-03-23 22:23:15 +0000
commit: 7cd88703a8ca8c45c2a9e08e6eedbabc380b0734 (patch)
tree: 39d7b9d41b9c4d5dcced28d88862222c09c8e8bd /lib
parent: 77a782d587a39905e0b59d730a755c5eab1c5951 (diff)
download: FreeBSD-src-7cd88703a8ca8c45c2a9e08e6eedbabc380b0734.zip
FreeBSD-src-7cd88703a8ca8c45c2a9e08e6eedbabc380b0734.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/libc/yp/yplib.c b/lib/libc/yp/yplib.c
index 1187a66..f9d881d 100644
--- a/lib/libc/yp/yplib.c
+++ b/lib/libc/yp/yplib.c
@@ -28,7 +28,7 @@
  */
 
 #ifndef LINT
-static char *rcsid = "$Id: yplib.c,v 1.1 1994/08/07 23:04:55 wollman Exp $";
+static char *rcsid = "$Id: yplib.c,v 1.2 1995/03/21 00:48:55 wpaul Exp $";
 #endif
 
 #include <sys/param.h>
@@ -380,6 +380,11 @@ int *outvallen;
 	*outval = NULL;
 	*outvallen = 0;
 
+	/* Sanity check: no null keys allowed! */
+
+	if (inkey == NULL || *inkey == '\0')
+		return YPERR_KEY;
+
 again:
 	if( _yp_dobind(indomain, &ysd) != 0)
 		return YPERR_DOMAIN;
@@ -510,6 +515,11 @@ int *outvallen;
 	*outkey = *outval = NULL;
 	*outkeylen = *outvallen = 0;
 
+	/* Sanity check: no null keys allowed! */
+
+	if (inkey == NULL || *inkey == '\0')
+		return YPERR_KEY;
+
 again:
 	if( _yp_dobind(indomain, &ysd) != 0)
 		return YPERR_DOMAIN;
author	wpaul <wpaul@FreeBSD.org>	1995-03-23 22:23:15 +0000
committer	wpaul <wpaul@FreeBSD.org>	1995-03-23 22:23:15 +0000
commit	7cd88703a8ca8c45c2a9e08e6eedbabc380b0734 (patch)
tree	39d7b9d41b9c4d5dcced28d88862222c09c8e8bd /lib
parent	77a782d587a39905e0b59d730a755c5eab1c5951 (diff)
download	FreeBSD-src-7cd88703a8ca8c45c2a9e08e6eedbabc380b0734.zip FreeBSD-src-7cd88703a8ca8c45c2a9e08e6eedbabc380b0734.tar.gz