URL:
https://github.com/SSSD/sssd/pull/455
Title: #455: mmap_cache: make checks independent of input size
sumit-bose commented:
"""
In the latest version I included the 'key->len > strs_len' check and
modified the check if strs_len points out of the data section to avoid an overrun.
I kept the memchr() check mainly for the initgroups cache data. For passwd and group the
first element in the string/data area is the name and hence 'key->len >
strs_len' makes sure the strcmp() will not read past the current object. For the
initgroups data the name is 'somewhere' in the data area because the data starts
with a list of GIDs. So to avoid that strcmp() goes past the end of the data area with a
long key in the case of a corruption the "length" of t_key has to be determined.
Using strnlen() would be possible as well but imo memchr() is more clear here.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/455#issuecomment-346757406
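
The check order the comment describes for initgroups-style data, where GIDs come before the name, shown as an added example. This is not SSSD's code and not code from the PR; the struct, the function names and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical view of one record's string/data area (not SSSD's struct). */
struct rec_view {
    const char *strs;  /* start of the data area */
    size_t strs_len;   /* bytes the record claims for that area */
};

/* Constructed sample: two 32-bit GIDs (1000, 1001) followed by the name. */
static const char SAMPLE[] = { (char)0xe8, 0x03, 0, 0, (char)0xe9, 0x03, 0, 0,
                               'a', 'l', 'i', 'c', 'e', '\0' };

/* 1 = match, 0 = no match, -1 = record is inconsistent (treat as corrupt). */
int key_matches(const struct rec_view *r, size_t name_off,
                const char *key, size_t key_len /* includes the NUL */)
{
    if (name_off >= r->strs_len)
        return -1;                       /* name offset outside data area */
    const char *t_key = r->strs + name_off;
    size_t avail = r->strs_len - name_off;
    /* Bound the stored name itself, independent of how long the key is. */
    if (memchr(t_key, '\0', avail) == NULL)
        return -1;                       /* no terminator inside the area */
    if (key_len > avail)
        return 0;                        /* key cannot fit, so cannot match */
    return strcmp(key, t_key) == 0;      /* both strings now known bounded */
}

/* Helper for the sample buffer: strs_len and name_off are caller-supplied
 * so a corrupted length or offset can be simulated. */
int check(size_t strs_len, size_t name_off, const char *key)
{
    struct rec_view r = { SAMPLE, strs_len };
    return key_matches(&r, name_off, key, strlen(key) + 1);
}

int main(void)
{
    printf("intact: %d\n", check(sizeof(SAMPLE), 8, "alice"));
    printf("truncated area: %d\n", check(sizeof(SAMPLE) - 1, 8, "alice"));
    printf("long key: %d\n", check(sizeof(SAMPLE), 8, "alice_plus_a_long_suffix"));
    return 0;
}
```
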