aboutsummaryrefslogtreecommitdiff
path: root/nscd
diff options
context:
space:
mode:
authorJakub Jelinek <jakub@redhat.com>2007-07-31 13:33:18 +0000
committerJakub Jelinek <jakub@redhat.com>2007-07-31 13:33:18 +0000
commit32c075e1f01849e161724bbd400ba77244e482cc (patch)
tree5f083a3f352104f32bb6c902d57fa3f294bd8d4d /nscd
parentd6220e9ee38c1c9285221b023346201ec5f511b3 (diff)
downloadglibc-32c075e1f01849e161724bbd400ba77244e482cc.tar
glibc-32c075e1f01849e161724bbd400ba77244e482cc.tar.gz
glibc-32c075e1f01849e161724bbd400ba77244e482cc.tar.bz2
glibc-32c075e1f01849e161724bbd400ba77244e482cc.zip
.
Diffstat (limited to 'nscd')
-rw-r--r--nscd/Makefile2
-rw-r--r--nscd/cache.c2
-rw-r--r--nscd/gai.c5
-rw-r--r--nscd/grpcache.c3
-rw-r--r--nscd/nscd-client.h10
-rw-r--r--nscd/nscd.c4
-rw-r--r--nscd/nscd.init9
-rw-r--r--nscd/nscd_getai.c71
-rw-r--r--nscd/nscd_getgr_r.c108
-rw-r--r--nscd/nscd_gethst_r.c147
-rw-r--r--nscd/nscd_getpw_r.c70
-rw-r--r--nscd/nscd_helper.c43
-rw-r--r--nscd/nscd_initgroups.c62
-rw-r--r--nscd/pwdcache.c3
-rw-r--r--nscd/selinux.c18
-rw-r--r--nscd/selinux.h4
16 files changed, 339 insertions, 222 deletions
diff --git a/nscd/Makefile b/nscd/Makefile
index 21657abeb7..9c98018217 100644
--- a/nscd/Makefile
+++ b/nscd/Makefile
@@ -119,7 +119,9 @@ CFLAGS-initgrcache.c += $(nscd-cflags)
CFLAGS-gai.c += $(nscd-cflags)
ifeq (yesyes,$(have-fpie)$(build-shared))
+ifeq (yes,$(have-z-relro))
relro-LDFLAGS += -Wl,-z,now
+endif
$(objpfx)nscd: $(addprefix $(objpfx),$(nscd-modules:=.o))
$(LINK.o) -pie -Wl,-O1 $(nscd-cflags) \
diff --git a/nscd/cache.c b/nscd/cache.c
index ef986f374a..be9be2aa4f 100644
--- a/nscd/cache.c
+++ b/nscd/cache.c
@@ -125,7 +125,7 @@ cache_add (int type, const void *key, size_t len, struct datahead *packet,
dbg_log (_("add new entry \"%s\" of type %s for %s to cache%s"),
str, serv2str[type], dbnames[table - dbs],
- first ? _(" (first)") : "");
+ first ? " (first)" : "");
}
unsigned long int hash = __nis_hash (key, len) % table->head->module;
diff --git a/nscd/gai.c b/nscd/gai.c
index 2e706bdfe7..68719d876a 100644
--- a/nscd/gai.c
+++ b/nscd/gai.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 2004.
@@ -15,6 +15,7 @@
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+#include <alloca.h>
/* This file uses the getaddrinfo code but it compiles it without NSCD
support. We just need a few symbol renames. */
#define __getservbyname_r getservbyname_r
@@ -26,6 +27,8 @@
#define __sendto sendto
#define __strchrnul strchrnul
#define __getline getline
+/* nscd uses 1MB or 2MB thread stacks. */
+#define __libc_use_alloca(size) (size <= __MAX_ALLOCA_CUTOFF)
#include <getaddrinfo.c>
diff --git a/nscd/grpcache.c b/nscd/grpcache.c
index 5a8fba4759..c207492cc0 100644
--- a/nscd/grpcache.c
+++ b/nscd/grpcache.c
@@ -1,5 +1,5 @@
/* Cache handling for group lookup.
- Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc.
+ Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
@@ -279,6 +279,7 @@ cache_addgr (struct database_dyn *db, int fd, request_header *req,
/* Adjust pointers into the memory block. */
gr_name = (char *) newp + (gr_name - (char *) dataset);
cp = (char *) newp + (cp - (char *) dataset);
+ key_copy = (char *) newp + (key_copy - (char *) dataset);
dataset = memcpy (newp, dataset, total + n);
alloca_used = false;
diff --git a/nscd/nscd-client.h b/nscd/nscd-client.h
index 0fd2d9f547..8946b6315b 100644
--- a/nscd/nscd-client.h
+++ b/nscd/nscd-client.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 1998, 1999, 2000, 2003, 2004, 2005, 2006
+/* Copyright (c) 1998, 1999, 2000, 2003, 2004, 2005, 2006, 2007
Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
@@ -307,10 +307,10 @@ static inline int __nscd_drop_map_ref (struct mapped_database *map,
/* Search the mapped database. */
-extern const struct datahead *__nscd_cache_search (request_type type,
- const char *key,
- size_t keylen,
- const struct mapped_database *mapped);
+extern struct datahead *__nscd_cache_search (request_type type,
+ const char *key,
+ size_t keylen,
+ const struct mapped_database *mapped);
/* Wrappers around read, readv and write that only read/write less than LEN
bytes on error or EOF. */
diff --git a/nscd/nscd.c b/nscd/nscd.c
index b68ae2f413..add4698406 100644
--- a/nscd/nscd.c
+++ b/nscd/nscd.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1998-2006, 2007 Free Software Foundation, Inc.
+/* Copyright (c) 1998-2003, 2004, 2005, 2006 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
@@ -402,7 +402,7 @@ print_version (FILE *stream, struct argp_state *state)
Copyright (C) %s Free Software Foundation, Inc.\n\
This is free software; see the source for copying conditions. There is NO\n\
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
-"), "2007");
+"), "2006");
fprintf (stream, gettext ("Written by %s.\n"),
"Thorsten Kukuk and Ulrich Drepper");
}
diff --git a/nscd/nscd.init b/nscd/nscd.init
index a882da7d8b..a0074b99e5 100644
--- a/nscd/nscd.init
+++ b/nscd/nscd.init
@@ -49,8 +49,15 @@ prog=nscd
start () {
[ -d /var/run/nscd ] || mkdir /var/run/nscd
[ -d /var/db/nscd ] || mkdir /var/db/nscd
+ secure=""
+# for table in passwd group hosts
+# do
+# if egrep -q '^'$table':.*nisplus' /etc/nsswitch.conf; then
+# /usr/lib/nscd_nischeck $table || secure="$secure -S $table,yes"
+# fi
+# done
echo -n $"Starting $prog: "
- daemon /usr/sbin/nscd
+ daemon /usr/sbin/nscd $secure
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/nscd
diff --git a/nscd/nscd_getai.c b/nscd/nscd_getai.c
index b59c31ea26..5df32dc6dc 100644
--- a/nscd/nscd_getai.c
+++ b/nscd/nscd_getai.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@redhat.com>, 2004.
@@ -42,6 +42,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
{
size_t keylen = strlen (key) + 1;
int gc_cycle;
+ int nretries = 0;
/* If the mapping is available, try to search there instead of
communicating with the nscd. */
@@ -50,49 +51,53 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
&gc_cycle);
retry:;
- const ai_response_header *ai_resp = NULL;
struct nscd_ai_result *resultbuf = NULL;
const char *recend = (const char *) ~UINTMAX_C (0);
char *respdata = NULL;
int retval = -1;
int sock = -1;
+ ai_response_header ai_resp;
if (mapped != NO_MAPPING)
{
- const struct datahead *found = __nscd_cache_search (GETAI, key, keylen,
- mapped);
+ struct datahead *found = __nscd_cache_search (GETAI, key, keylen,
+ mapped);
if (found != NULL)
{
- ai_resp = &found->data[0].aidata;
- respdata = (char *) (ai_resp + 1);
+ respdata = (char *) (&found->data[0].aidata + 1);
+ ai_resp = found->data[0].aidata;
recend = (const char *) found->data + found->recsize;
+ /* Now check if we can trust ai_resp fields. If GC is
+ in progress, it can contain anything. */
+ if (mapped->head->gc_cycle != gc_cycle)
+ {
+ retval = -2;
+ goto out;
+ }
}
}
/* If we do not have the cache mapped, try to get the data over the
socket. */
- ai_response_header ai_resp_mem;
- if (ai_resp == NULL)
+ if (respdata == NULL)
{
- sock = __nscd_open_socket (key, keylen, GETAI, &ai_resp_mem,
- sizeof (ai_resp_mem));
+ sock = __nscd_open_socket (key, keylen, GETAI, &ai_resp,
+ sizeof (ai_resp));
if (sock == -1)
{
/* nscd not running or wrong version. */
__nss_not_use_nscd_hosts = 1;
goto out;
}
-
- ai_resp = &ai_resp_mem;
}
- if (ai_resp->found == 1)
+ if (ai_resp.found == 1)
{
- size_t datalen = ai_resp->naddrs + ai_resp->addrslen + ai_resp->canonlen;
+ size_t datalen = ai_resp.naddrs + ai_resp.addrslen + ai_resp.canonlen;
- /* This check is really only affects the case where the data
+ /* This check really only affects the case where the data
comes from the mapped cache. */
- if ((char *) (ai_resp + 1) + datalen > recend)
+ if (respdata + datalen > recend)
{
assert (sock == -1);
goto out;
@@ -108,10 +113,10 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
}
/* Set up the data structure, including pointers. */
- resultbuf->naddrs = ai_resp->naddrs;
+ resultbuf->naddrs = ai_resp.naddrs;
resultbuf->addrs = (char *) (resultbuf + 1);
- resultbuf->family = (uint8_t *) (resultbuf->addrs + ai_resp->addrslen);
- if (ai_resp->canonlen != 0)
+ resultbuf->family = (uint8_t *) (resultbuf->addrs + ai_resp.addrslen);
+ if (ai_resp.canonlen != 0)
resultbuf->canon = (char *) (resultbuf->family + resultbuf->naddrs);
else
resultbuf->canon = NULL;
@@ -137,10 +142,13 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
/* Try to detect corrupt databases. */
if (resultbuf->canon != NULL
- && resultbuf->canon[ai_resp->canonlen - 1] != '\0')
+ && resultbuf->canon[ai_resp.canonlen - 1] != '\0')
/* We cannot use the database. */
{
- free (resultbuf);
+ if (mapped->head->gc_cycle != gc_cycle)
+ retval = -2;
+ else
+ free (resultbuf);
goto out_close;
}
@@ -150,7 +158,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
}
else
{
- if (__builtin_expect (ai_resp->found == -1, 0))
+ if (__builtin_expect (ai_resp.found == -1, 0))
{
/* The daemon does not cache this database. */
__nss_not_use_nscd_hosts = 1;
@@ -158,7 +166,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
}
/* Store the error number. */
- *h_errnop = ai_resp->error;
+ *h_errnop = ai_resp.error;
/* The `errno' to some value != ERANGE. */
__set_errno (ENOENT);
@@ -170,22 +178,25 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
if (sock != -1)
close_not_cancel_no_status (sock);
out:
- if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
+ if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
{
/* When we come here this means there has been a GC cycle while we
were looking for the data. This means the data might have been
inconsistent. Retry if possible. */
- if ((gc_cycle & 1) != 0)
+ if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
{
/* nscd is just running gc now. Disable using the mapping. */
- __nscd_unmap (mapped);
+ if (atomic_decrement_val (&mapped->counter) == 0)
+ __nscd_unmap (mapped);
mapped = NO_MAPPING;
}
- *result = NULL;
- free (resultbuf);
-
- goto retry;
+ if (retval != -1)
+ {
+ *result = NULL;
+ free (resultbuf);
+ goto retry;
+ }
}
return retval;
diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c
index 922b906c19..fc036f2888 100644
--- a/nscd/nscd_getgr_r.c
+++ b/nscd/nscd_getgr_r.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1998-2000, 2002-2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 1998-2000, 2002-2005, 2006, 2007
+ Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998.
@@ -88,6 +89,7 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
struct group **result)
{
int gc_cycle;
+ int nretries = 0;
const uint32_t *len = NULL;
size_t lensize = 0;
@@ -97,55 +99,59 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
&__gr_map_handle,
&gc_cycle);
retry:;
- const gr_response_header *gr_resp = NULL;
const char *gr_name = NULL;
size_t gr_name_len = 0;
int retval = -1;
const char *recend = (const char *) ~UINTMAX_C (0);
+ gr_response_header gr_resp;
if (mapped != NO_MAPPING)
{
- const struct datahead *found = __nscd_cache_search (type, key, keylen,
- mapped);
+ struct datahead *found = __nscd_cache_search (type, key, keylen, mapped);
if (found != NULL)
{
- gr_resp = &found->data[0].grdata;
- len = (const uint32_t *) (gr_resp + 1);
- /* The alignment is always sufficient. */
- assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0);
+ len = (const uint32_t *) (&found->data[0].grdata + 1);
+ gr_resp = found->data[0].grdata;
gr_name = ((const char *) len
- + gr_resp->gr_mem_cnt * sizeof (uint32_t));
- gr_name_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len;
+ + gr_resp.gr_mem_cnt * sizeof (uint32_t));
+ gr_name_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
recend = (const char *) found->data + found->recsize;
+ /* Now check if we can trust gr_resp fields. If GC is
+ in progress, it can contain anything. */
+ if (mapped->head->gc_cycle != gc_cycle)
+ {
+ retval = -2;
+ goto out;
+ }
+
+ /* The alignment is always sufficient, unless GC is in progress. */
+ assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0);
}
}
- gr_response_header gr_resp_mem;
int sock = -1;
- if (gr_resp == NULL)
+ if (gr_name == NULL)
{
- sock = __nscd_open_socket (key, keylen, type, &gr_resp_mem,
- sizeof (gr_resp_mem));
+ sock = __nscd_open_socket (key, keylen, type, &gr_resp,
+ sizeof (gr_resp));
if (sock == -1)
{
__nss_not_use_nscd_group = 1;
goto out;
}
-
- gr_resp = &gr_resp_mem;
}
/* No value found so far. */
*result = NULL;
- if (__builtin_expect (gr_resp->found == -1, 0))
+ if (__builtin_expect (gr_resp.found == -1, 0))
{
/* The daemon does not cache this database. */
__nss_not_use_nscd_group = 1;
goto out_close;
}
- if (gr_resp->found == 1)
+ if (gr_resp.found == 1)
{
struct iovec vec[2];
char *p = buffer;
@@ -157,8 +163,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
align the pointer. */
align = ((__alignof__ (char *) - (p - ((char *) 0)))
& (__alignof__ (char *) - 1));
- total_len = (align + (1 + gr_resp->gr_mem_cnt) * sizeof (char *)
- + gr_resp->gr_name_len + gr_resp->gr_passwd_len);
+ total_len = (align + (1 + gr_resp.gr_mem_cnt) * sizeof (char *)
+ + gr_resp.gr_name_len + gr_resp.gr_passwd_len);
if (__builtin_expect (buflen < total_len, 0))
{
no_room:
@@ -170,16 +176,16 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
p += align;
resultbuf->gr_mem = (char **) p;
- p += (1 + gr_resp->gr_mem_cnt) * sizeof (char *);
+ p += (1 + gr_resp.gr_mem_cnt) * sizeof (char *);
/* Set pointers for strings. */
resultbuf->gr_name = p;
- p += gr_resp->gr_name_len;
+ p += gr_resp.gr_name_len;
resultbuf->gr_passwd = p;
- p += gr_resp->gr_passwd_len;
+ p += gr_resp.gr_passwd_len;
/* Fill in what we know now. */
- resultbuf->gr_gid = gr_resp->gr_gid;
+ resultbuf->gr_gid = gr_resp.gr_gid;
/* Read the length information, group name, and password. */
if (gr_name == NULL)
@@ -187,17 +193,17 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
/* Allocate array to store lengths. */
if (lensize == 0)
{
- lensize = gr_resp->gr_mem_cnt * sizeof (uint32_t);
+ lensize = gr_resp.gr_mem_cnt * sizeof (uint32_t);
len = (uint32_t *) alloca (lensize);
}
- else if (gr_resp->gr_mem_cnt * sizeof (uint32_t) > lensize)
+ else if (gr_resp.gr_mem_cnt * sizeof (uint32_t) > lensize)
len = extend_alloca (len, lensize,
- gr_resp->gr_mem_cnt * sizeof (uint32_t));
+ gr_resp.gr_mem_cnt * sizeof (uint32_t));
vec[0].iov_base = (void *) len;
- vec[0].iov_len = gr_resp->gr_mem_cnt * sizeof (uint32_t);
+ vec[0].iov_len = gr_resp.gr_mem_cnt * sizeof (uint32_t);
vec[1].iov_base = resultbuf->gr_name;
- vec[1].iov_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len;
+ vec[1].iov_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
total_len = vec[0].iov_len + vec[1].iov_len;
/* Get this data. */
@@ -209,14 +215,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
/* We already have the data. Just copy the group name and
password. */
memcpy (resultbuf->gr_name, gr_name,
- gr_resp->gr_name_len + gr_resp->gr_passwd_len);
+ gr_resp.gr_name_len + gr_resp.gr_passwd_len);
/* Clear the terminating entry. */
- resultbuf->gr_mem[gr_resp->gr_mem_cnt] = NULL;
+ resultbuf->gr_mem[gr_resp.gr_mem_cnt] = NULL;
/* Prepare reading the group members. */
total_len = 0;
- for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt)
+ for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
{
resultbuf->gr_mem[cnt] = p;
total_len += len[cnt];
@@ -224,9 +230,25 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
}
if (__builtin_expect (gr_name + gr_name_len + total_len > recend, 0))
- goto out_close;
+ {
+ /* len array might contain garbage during nscd GC cycle,
+ retry rather than fail in that case. */
+ if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
+ retval = -2;
+ goto out_close;
+ }
if (__builtin_expect (total_len > buflen, 0))
- goto no_room;
+ {
+ /* len array might contain garbage during nscd GC cycle,
+ retry rather than fail in that case. */
+ if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
+ {
+ retval = -2;
+ goto out_close;
+ }
+ else
+ goto no_room;
+ }
retval = 0;
if (gr_name == NULL)
@@ -248,14 +270,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
/* Try to detect corrupt databases. */
if (resultbuf->gr_name[gr_name_len - 1] != '\0'
- || resultbuf->gr_passwd[gr_resp->gr_passwd_len - 1] != '\0'
- || ({for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt)
+ || resultbuf->gr_passwd[gr_resp.gr_passwd_len - 1] != '\0'
+ || ({for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0')
break;
- cnt < gr_resp->gr_mem_cnt; }))
+ cnt < gr_resp.gr_mem_cnt; }))
{
/* We cannot use the database. */
- retval = -1;
+ retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1;
goto out_close;
}
@@ -274,19 +296,21 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
if (sock != -1)
close_not_cancel_no_status (sock);
out:
- if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
+ if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
{
/* When we come here this means there has been a GC cycle while we
were looking for the data. This means the data might have been
inconsistent. Retry if possible. */
- if ((gc_cycle & 1) != 0)
+ if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
{
/* nscd is just running gc now. Disable using the mapping. */
- __nscd_unmap (mapped);
+ if (atomic_decrement_val (&mapped->counter) == 0)
+ __nscd_unmap (mapped);
mapped = NO_MAPPING;
}
- goto retry;
+ if (retval != -1)
+ goto retry;
}
return retval;
diff --git a/nscd/nscd_gethst_r.c b/nscd/nscd_gethst_r.c
index 516977bcc4..90e1815bdd 100644
--- a/nscd/nscd_gethst_r.c
+++ b/nscd/nscd_gethst_r.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
@@ -118,7 +118,6 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
&gc_cycle);
retry:;
- const hst_response_header *hst_resp = NULL;
const char *h_name = NULL;
const uint32_t *aliases_len = NULL;
const char *addr_list = NULL;
@@ -126,18 +125,27 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
int retval = -1;
const char *recend = (const char *) ~UINTMAX_C (0);
int sock = -1;
+ hst_response_header hst_resp;
if (mapped != NO_MAPPING)
{
- const struct datahead *found = __nscd_cache_search (type, key, keylen,
- mapped);
+ /* No const qualifier, as it can change during garbage collection. */
+ struct datahead *found = __nscd_cache_search (type, key, keylen, mapped);
if (found != NULL)
{
- hst_resp = &found->data[0].hstdata;
- h_name = (char *) (hst_resp + 1);
- aliases_len = (uint32_t *) (h_name + hst_resp->h_name_len);
+ h_name = (char *) (&found->data[0].hstdata + 1);
+ hst_resp = found->data[0].hstdata;
+ aliases_len = (uint32_t *) (h_name + hst_resp.h_name_len);
addr_list = ((char *) aliases_len
- + hst_resp->h_aliases_cnt * sizeof (uint32_t));
- addr_list_len = hst_resp->h_addr_list_cnt * INADDRSZ;
+ + hst_resp.h_aliases_cnt * sizeof (uint32_t));
+ addr_list_len = hst_resp.h_addr_list_cnt * INADDRSZ;
+ recend = (const char *) found->data + found->recsize;
+ /* Now check if we can trust hst_resp fields. If GC is
+ in progress, it can contain anything. */
+ if (mapped->head->gc_cycle != gc_cycle)
+ {
+ retval = -2;
+ goto out;
+ }
#ifndef _STRING_ARCH_unaligned
/* The aliases_len array in the mapped database might very
@@ -147,51 +155,47 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1))
!= 0)
{
- uint32_t *tmp = alloca (hst_resp->h_aliases_cnt
+ uint32_t *tmp = alloca (hst_resp.h_aliases_cnt
* sizeof (uint32_t));
aliases_len = memcpy (tmp, aliases_len,
- hst_resp->h_aliases_cnt
+ hst_resp.h_aliases_cnt
* sizeof (uint32_t));
}
#endif
if (type != GETHOSTBYADDR && type != GETHOSTBYNAME)
{
- if (hst_resp->h_length == INADDRSZ)
+ if (hst_resp.h_length == INADDRSZ)
addr_list += addr_list_len;
- addr_list_len = hst_resp->h_addr_list_cnt * IN6ADDRSZ;
+ addr_list_len = hst_resp.h_addr_list_cnt * IN6ADDRSZ;
}
- recend = (const char *) found->data + found->recsize;
if (__builtin_expect ((const char *) addr_list + addr_list_len
> recend, 0))
- goto out_close;
+ goto out;
}
}
- hst_response_header hst_resp_mem;
- if (hst_resp == NULL)
+ if (h_name == NULL)
{
- sock = __nscd_open_socket (key, keylen, type, &hst_resp_mem,
- sizeof (hst_resp_mem));
+ sock = __nscd_open_socket (key, keylen, type, &hst_resp,
+ sizeof (hst_resp));
if (sock == -1)
{
__nss_not_use_nscd_hosts = 1;
- goto out;;
+ goto out;
}
-
- hst_resp = &hst_resp_mem;
}
/* No value found so far. */
*result = NULL;
- if (__builtin_expect (hst_resp->found == -1, 0))
+ if (__builtin_expect (hst_resp.found == -1, 0))
{
/* The daemon does not cache this database. */
__nss_not_use_nscd_hosts = 1;
goto out_close;
}
- if (hst_resp->found == 1)
+ if (hst_resp.found == 1)
{
struct iovec vec[4];
char *cp = buffer;
@@ -207,15 +211,15 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
align the pointer and the base of the h_addr_list pointers. */
align1 = ((__alignof__ (char *) - (cp - ((char *) 0)))
& (__alignof__ (char *) - 1));
- align2 = ((__alignof__ (char *) - ((cp + align1 + hst_resp->h_name_len)
+ align2 = ((__alignof__ (char *) - ((cp + align1 + hst_resp.h_name_len)
- ((char *) 0)))
& (__alignof__ (char *) - 1));
- if (buflen < (align1 + hst_resp->h_name_len + align2
- + ((hst_resp->h_aliases_cnt + hst_resp->h_addr_list_cnt
+ if (buflen < (align1 + hst_resp.h_name_len + align2
+ + ((hst_resp.h_aliases_cnt + hst_resp.h_addr_list_cnt
+ 2)
* sizeof (char *))
- + hst_resp->h_addr_list_cnt * (type == AF_INET
- ? INADDRSZ : IN6ADDRSZ)))
+ + hst_resp.h_addr_list_cnt * (type == AF_INET
+ ? INADDRSZ : IN6ADDRSZ)))
{
no_room:
*h_errnop = NETDB_INTERNAL;
@@ -227,12 +231,12 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
/* Prepare the result as far as we can. */
resultbuf->h_aliases = (char **) cp;
- cp += (hst_resp->h_aliases_cnt + 1) * sizeof (char *);
+ cp += (hst_resp.h_aliases_cnt + 1) * sizeof (char *);
resultbuf->h_addr_list = (char **) cp;
- cp += (hst_resp->h_addr_list_cnt + 1) * sizeof (char *);
+ cp += (hst_resp.h_addr_list_cnt + 1) * sizeof (char *);
resultbuf->h_name = cp;
- cp += hst_resp->h_name_len + align2;
+ cp += hst_resp.h_name_len + align2;
if (type == GETHOSTBYADDR || type == GETHOSTBYNAME)
{
@@ -244,7 +248,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
resultbuf->h_addrtype = AF_INET6;
resultbuf->h_length = IN6ADDRSZ;
}
- for (cnt = 0; cnt < hst_resp->h_addr_list_cnt; ++cnt)
+ for (cnt = 0; cnt < hst_resp.h_addr_list_cnt; ++cnt)
{
resultbuf->h_addr_list[cnt] = cp;
cp += resultbuf->h_length;
@@ -254,47 +258,47 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
if (h_name == NULL)
{
vec[0].iov_base = resultbuf->h_name;
- vec[0].iov_len = hst_resp->h_name_len;
- total_len = hst_resp->h_name_len;
+ vec[0].iov_len = hst_resp.h_name_len;
+ total_len = hst_resp.h_name_len;
n = 1;
- if (hst_resp->h_aliases_cnt > 0)
+ if (hst_resp.h_aliases_cnt > 0)
{
- aliases_len = alloca (hst_resp->h_aliases_cnt
+ aliases_len = alloca (hst_resp.h_aliases_cnt
* sizeof (uint32_t));
vec[n].iov_base = (void *) aliases_len;
- vec[n].iov_len = hst_resp->h_aliases_cnt * sizeof (uint32_t);
+ vec[n].iov_len = hst_resp.h_aliases_cnt * sizeof (uint32_t);
- total_len += hst_resp->h_aliases_cnt * sizeof (uint32_t);
+ total_len += hst_resp.h_aliases_cnt * sizeof (uint32_t);
++n;
}
if (type == GETHOSTBYADDR || type == GETHOSTBYNAME)
{
vec[n].iov_base = resultbuf->h_addr_list[0];
- vec[n].iov_len = hst_resp->h_addr_list_cnt * INADDRSZ;
+ vec[n].iov_len = hst_resp.h_addr_list_cnt * INADDRSZ;
- total_len += hst_resp->h_addr_list_cnt * INADDRSZ;
+ total_len += hst_resp.h_addr_list_cnt * INADDRSZ;
++n;
}
else
{
- if (hst_resp->h_length == INADDRSZ)
+ if (hst_resp.h_length == INADDRSZ)
{
- ignore = alloca (hst_resp->h_addr_list_cnt * INADDRSZ);
+ ignore = alloca (hst_resp.h_addr_list_cnt * INADDRSZ);
vec[n].iov_base = ignore;
- vec[n].iov_len = hst_resp->h_addr_list_cnt * INADDRSZ;
+ vec[n].iov_len = hst_resp.h_addr_list_cnt * INADDRSZ;
- total_len += hst_resp->h_addr_list_cnt * INADDRSZ;
+ total_len += hst_resp.h_addr_list_cnt * INADDRSZ;
++n;
}
vec[n].iov_base = resultbuf->h_addr_list[0];
- vec[n].iov_len = hst_resp->h_addr_list_cnt * IN6ADDRSZ;
+ vec[n].iov_len = hst_resp.h_addr_list_cnt * IN6ADDRSZ;
- total_len += hst_resp->h_addr_list_cnt * IN6ADDRSZ;
+ total_len += hst_resp.h_addr_list_cnt * IN6ADDRSZ;
++n;
}
@@ -304,13 +308,13 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
}
else
{
- memcpy (resultbuf->h_name, h_name, hst_resp->h_name_len);
+ memcpy (resultbuf->h_name, h_name, hst_resp.h_name_len);
memcpy (resultbuf->h_addr_list[0], addr_list, addr_list_len);
}
/* Now we also can read the aliases. */
total_len = 0;
- for (cnt = 0; cnt < hst_resp->h_aliases_cnt; ++cnt)
+ for (cnt = 0; cnt < hst_resp.h_aliases_cnt; ++cnt)
{
resultbuf->h_aliases[cnt] = cp;
cp += aliases_len[cnt];
@@ -320,10 +324,25 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
if (__builtin_expect ((const char *) addr_list + addr_list_len
+ total_len > recend, 0))
- goto out_close;
+ {
+ /* aliases_len array might contain garbage during nscd GC cycle,
+ retry rather than fail in that case. */
+ if (addr_list != NULL && mapped->head->gc_cycle != gc_cycle)
+ retval = -2;
+ goto out_close;
+ }
/* See whether this would exceed the buffer capacity. */
if (__builtin_expect (cp > buffer + buflen, 0))
- goto no_room;
+ {
+ /* aliases_len array might contain garbage during nscd GC cycle,
+ retry rather than fail in that case. */
+ if (addr_list != NULL && mapped->head->gc_cycle != gc_cycle)
+ {
+ retval = -2;
+ goto out_close;
+ }
+ goto no_room;
+ }
/* And finally read the aliases. */
if (addr_list == NULL)
@@ -342,14 +361,18 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
(const char *) addr_list + addr_list_len, total_len);
/* Try to detect corrupt databases. */
- if (resultbuf->h_name[hst_resp->h_name_len - 1] != '\0'
- || ({for (cnt = 0; cnt < hst_resp->h_aliases_cnt; ++cnt)
+ if (resultbuf->h_name[hst_resp.h_name_len - 1] != '\0'
+ || ({for (cnt = 0; cnt < hst_resp.h_aliases_cnt; ++cnt)
if (resultbuf->h_aliases[cnt][aliases_len[cnt] - 1]
!= '\0')
break;
- cnt < hst_resp->h_aliases_cnt; }))
- /* We cannot use the database. */
- goto out_close;
+ cnt < hst_resp.h_aliases_cnt; }))
+ {
+ /* We cannot use the database. */
+ if (mapped->head->gc_cycle != gc_cycle)
+ retval = -2;
+ goto out_close;
+ }
retval = 0;
*result = resultbuf;
@@ -358,7 +381,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
else
{
/* Store the error number. */
- *h_errnop = hst_resp->error;
+ *h_errnop = hst_resp.error;
/* The `errno' to some value != ERANGE. */
__set_errno (ENOENT);
@@ -370,19 +393,21 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
if (sock != -1)
close_not_cancel_no_status (sock);
out:
- if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
+ if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
{
/* When we come here this means there has been a GC cycle while we
were looking for the data. This means the data might have been
inconsistent. Retry if possible. */
- if ((gc_cycle & 1) != 0 || ++nretries == 5)
+ if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
{
/* nscd is just running gc now. Disable using the mapping. */
- __nscd_unmap (mapped);
+ if (atomic_decrement_val (&mapped->counter) == 0)
+ __nscd_unmap (mapped);
mapped = NO_MAPPING;
}
- goto retry;
+ if (retval != -1)
+ goto retry;
}
return retval;
diff --git a/nscd/nscd_getpw_r.c b/nscd/nscd_getpw_r.c
index e8e4d7364f..b84baa1a66 100644
--- a/nscd/nscd_getpw_r.c
+++ b/nscd/nscd_getpw_r.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1998, 1999, 2003, 2004, 2005 Free Software Foundation, Inc.
+/* Copyright (C) 1998, 1999, 2003, 2004, 2005, 2007
+ Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998.
@@ -88,76 +89,81 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type,
struct passwd **result)
{
int gc_cycle;
+ int nretries = 0;
+
/* If the mapping is available, try to search there instead of
communicating with the nscd. */
struct mapped_database *mapped;
mapped = __nscd_get_map_ref (GETFDPW, "passwd", &map_handle, &gc_cycle);
retry:;
- const pw_response_header *pw_resp = NULL;
const char *pw_name = NULL;
int retval = -1;
const char *recend = (const char *) ~UINTMAX_C (0);
+ pw_response_header pw_resp;
if (mapped != NO_MAPPING)
{
- const struct datahead *found = __nscd_cache_search (type, key, keylen,
- mapped);
+ struct datahead *found = __nscd_cache_search (type, key, keylen, mapped);
if (found != NULL)
{
- pw_resp = &found->data[0].pwdata;
- pw_name = (const char *) (pw_resp + 1);
+ pw_name = (const char *) (&found->data[0].pwdata + 1);
+ pw_resp = found->data[0].pwdata;
recend = (const char *) found->data + found->recsize;
+ /* Now check if we can trust pw_resp fields. If GC is
+ in progress, it can contain anything. */
+ if (mapped->head->gc_cycle != gc_cycle)
+ {
+ retval = -2;
+ goto out;
+ }
}
}
- pw_response_header pw_resp_mem;
int sock = -1;
- if (pw_resp == NULL)
+ if (pw_name == NULL)
{
- sock = __nscd_open_socket (key, keylen, type, &pw_resp_mem,
- sizeof (pw_resp_mem));
+ sock = __nscd_open_socket (key, keylen, type, &pw_resp,
+ sizeof (pw_resp));
if (sock == -1)
{
__nss_not_use_nscd_passwd = 1;
goto out;
}
-
- pw_resp = &pw_resp_mem;
}
/* No value found so far. */
*result = NULL;
- if (__builtin_expect (pw_resp->found == -1, 0))
+ if (__builtin_expect (pw_resp.found == -1, 0))
{
/* The daemon does not cache this database. */
__nss_not_use_nscd_passwd = 1;
goto out_close;
}
- if (pw_resp->found == 1)
+ if (pw_resp.found == 1)
{
/* Set the information we already have. */
- resultbuf->pw_uid = pw_resp->pw_uid;
- resultbuf->pw_gid = pw_resp->pw_gid;
+ resultbuf->pw_uid = pw_resp.pw_uid;
+ resultbuf->pw_gid = pw_resp.pw_gid;
char *p = buffer;
/* get pw_name */
resultbuf->pw_name = p;
- p += pw_resp->pw_name_len;
+ p += pw_resp.pw_name_len;
/* get pw_passwd */
resultbuf->pw_passwd = p;
- p += pw_resp->pw_passwd_len;
+ p += pw_resp.pw_passwd_len;
/* get pw_gecos */
resultbuf->pw_gecos = p;
- p += pw_resp->pw_gecos_len;
+ p += pw_resp.pw_gecos_len;
/* get pw_dir */
resultbuf->pw_dir = p;
- p += pw_resp->pw_dir_len;
+ p += pw_resp.pw_dir_len;
/* get pw_pshell */
resultbuf->pw_shell = p;
- p += pw_resp->pw_shell_len;
+ p += pw_resp.pw_shell_len;
ssize_t total = p - buffer;
if (__builtin_expect (pw_name + total > recend, 0))
@@ -189,14 +195,14 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type,
memcpy (resultbuf->pw_name, pw_name, total);
/* Try to detect corrupt databases. */
- if (resultbuf->pw_name[pw_resp->pw_name_len - 1] != '\0'
- || resultbuf->pw_passwd[pw_resp->pw_passwd_len - 1] != '\0'
- || resultbuf->pw_gecos[pw_resp->pw_gecos_len - 1] != '\0'
- || resultbuf->pw_dir[pw_resp->pw_dir_len - 1] != '\0'
- || resultbuf->pw_shell[pw_resp->pw_shell_len - 1] != '\0')
+ if (resultbuf->pw_name[pw_resp.pw_name_len - 1] != '\0'
+ || resultbuf->pw_passwd[pw_resp.pw_passwd_len - 1] != '\0'
+ || resultbuf->pw_gecos[pw_resp.pw_gecos_len - 1] != '\0'
+ || resultbuf->pw_dir[pw_resp.pw_dir_len - 1] != '\0'
+ || resultbuf->pw_shell[pw_resp.pw_shell_len - 1] != '\0')
{
/* We cannot use the database. */
- retval = -1;
+ retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1;
goto out_close;
}
@@ -215,19 +221,21 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type,
if (sock != -1)
close_not_cancel_no_status (sock);
out:
- if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
+ if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
{
/* When we come here this means there has been a GC cycle while we
were looking for the data. This means the data might have been
inconsistent. Retry if possible. */
- if ((gc_cycle & 1) != 0)
+ if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
{
/* nscd is just running gc now. Disable using the mapping. */
- __nscd_unmap (mapped);
+ if (atomic_decrement_val (&mapped->counter) == 0)
+ __nscd_unmap (mapped);
mapped = NO_MAPPING;
}
- goto retry;
+ if (retval != -1)
+ goto retry;
}
return retval;
diff --git a/nscd/nscd_helper.c b/nscd/nscd_helper.c
index 7c45981586..71ea53e19d 100644
--- a/nscd/nscd_helper.c
+++ b/nscd/nscd_helper.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1998-2002,2003,2004,2005,2006 Free Software Foundation, Inc.
+/* Copyright (C) 1998-2002,2003,2004,2005,2006,2007
+ Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
@@ -21,6 +22,7 @@
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
+#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/mman.h>
@@ -186,6 +188,7 @@ get_mapping (request_type type, const char *key,
request_header req;
char key[keylen];
} reqdata;
+ size_t real_sizeof_reqdata = sizeof (request_header) + keylen;
int sock = open_socket ();
if (sock < 0)
@@ -200,9 +203,9 @@ get_mapping (request_type type, const char *key,
# define MSG_NOSIGNAL 0
# endif
if (__builtin_expect (TEMP_FAILURE_RETRY (__send (sock, &reqdata,
- sizeof (reqdata),
+ real_sizeof_reqdata,
MSG_NOSIGNAL))
- != sizeof (reqdata), 0))
+ != real_sizeof_reqdata, 0))
/* We cannot even write the request. */
goto out_close2;
@@ -240,11 +243,12 @@ get_mapping (request_type type, const char *key,
!= keylen, 0))
goto out_close2;
- mapfd = *(int *) CMSG_DATA (cmsg);
+ if (__builtin_expect (CMSG_FIRSTHDR (&msg) == NULL
+ || (CMSG_FIRSTHDR (&msg)->cmsg_len
+ != CMSG_LEN (sizeof (int))), 0))
+ goto out_close2;
- if (__builtin_expect (CMSG_FIRSTHDR (&msg)->cmsg_len
- != CMSG_LEN (sizeof (int)), 0))
- goto out_close;
+ mapfd = *(int *) CMSG_DATA (cmsg);
struct stat64 st;
if (__builtin_expect (strcmp (resdata, key) != 0, 0)
@@ -362,7 +366,10 @@ __nscd_get_map_ref (request_type type, const char *name,
}
-const struct datahead *
+/* Don't return const struct datahead *, as eventhough the record
+ is normally constant, it can change arbitrarily during nscd
+ garbage collection. */
+struct datahead *
__nscd_cache_search (request_type type, const char *key, size_t keylen,
const struct mapped_database *mapped)
{
@@ -374,16 +381,32 @@ __nscd_cache_search (request_type type, const char *key, size_t keylen,
{
struct hashentry *here = (struct hashentry *) (mapped->data + work);
+#ifndef _STRING_ARCH_unaligned
+ /* Although during garbage collection when moving struct hashentry
+ records around we first copy from old to new location and then
+ adjust pointer from previous hashentry to it, there is no barrier
+ between those memory writes. It is very unlikely to hit it,
+ so check alignment only if a misaligned load can crash the
+ application. */
+ if ((uintptr_t) here & (__alignof__ (*here) - 1))
+ return NULL;
+#endif
+
if (type == here->type
&& keylen == here->len
- && here->key + here->len <= datasize
+ && here->key + keylen <= datasize
&& memcmp (key, mapped->data + here->key, keylen) == 0
&& here->packet + sizeof (struct datahead) <= datasize)
{
/* We found the entry. Increment the appropriate counter. */
- const struct datahead *dh
+ struct datahead *dh
= (struct datahead *) (mapped->data + here->packet);
+#ifndef _STRING_ARCH_unaligned
+ if ((uintptr_t) dh & (__alignof__ (*dh) - 1))
+ return NULL;
+#endif
+
/* See whether we must ignore the entry or whether something
is wrong because garbage collection is in progress. */
if (dh->usable && here->packet + dh->allocsize <= datasize)
diff --git a/nscd/nscd_initgroups.c b/nscd/nscd_initgroups.c
index 97a037d4a9..866455a96c 100644
--- a/nscd/nscd_initgroups.c
+++ b/nscd/nscd_initgroups.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@redhat.com>, 2004.
@@ -39,6 +39,7 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size,
{
size_t userlen = strlen (user) + 1;
int gc_cycle;
+ int nretries = 0;
/* If the mapping is available, try to search there instead of
communicating with the nscd. */
@@ -46,44 +47,49 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size,
mapped = __nscd_get_map_ref (GETFDGR, "group", &__gr_map_handle, &gc_cycle);
retry:;
- const initgr_response_header *initgr_resp = NULL;
char *respdata = NULL;
int retval = -1;
int sock = -1;
+ initgr_response_header initgr_resp;
if (mapped != NO_MAPPING)
{
- const struct datahead *found = __nscd_cache_search (INITGROUPS, user,
- userlen, mapped);
+ struct datahead *found = __nscd_cache_search (INITGROUPS, user,
+ userlen, mapped);
if (found != NULL)
{
- initgr_resp = &found->data[0].initgrdata;
- respdata = (char *) (initgr_resp + 1);
+ respdata = (char *) (&found->data[0].initgrdata + 1);
+ initgr_resp = found->data[0].initgrdata;
char *recend = (char *) found->data + found->recsize;
- if (respdata + initgr_resp->ngrps * sizeof (int32_t) > recend)
+ /* Now check if we can trust initgr_resp fields. If GC is
+ in progress, it can contain anything. */
+ if (mapped->head->gc_cycle != gc_cycle)
+ {
+ retval = -2;
+ goto out;
+ }
+
+ if (respdata + initgr_resp.ngrps * sizeof (int32_t) > recend)
goto out;
}
}
/* If we do not have the cache mapped, try to get the data over the
socket. */
- initgr_response_header initgr_resp_mem;
- if (initgr_resp == NULL)
+ if (respdata == NULL)
{
- sock = __nscd_open_socket (user, userlen, INITGROUPS, &initgr_resp_mem,
- sizeof (initgr_resp_mem));
+ sock = __nscd_open_socket (user, userlen, INITGROUPS, &initgr_resp,
+ sizeof (initgr_resp));
if (sock == -1)
{
/* nscd not running or wrong version. */
__nss_not_use_nscd_group = 1;
goto out;
}
-
- initgr_resp = &initgr_resp_mem;
}
- if (initgr_resp->found == 1)
+ if (initgr_resp.found == 1)
{
/* The following code assumes that gid_t and int32_t are the
same size. This is the case for al existing implementation.
@@ -91,40 +97,40 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size,
doesn't use memcpy but instead copies each array element one
by one. */
assert (sizeof (int32_t) == sizeof (gid_t));
- assert (initgr_resp->ngrps >= 0);
+ assert (initgr_resp.ngrps >= 0);
/* Make sure we have enough room. We always count GROUP in even
though we might not end up adding it. */
- if (*size < initgr_resp->ngrps + 1)
+ if (*size < initgr_resp.ngrps + 1)
{
gid_t *newp = realloc (*groupsp,
- (initgr_resp->ngrps + 1) * sizeof (gid_t));
+ (initgr_resp.ngrps + 1) * sizeof (gid_t));
if (newp == NULL)
/* We cannot increase the buffer size. */
goto out_close;
*groupsp = newp;
- *size = initgr_resp->ngrps + 1;
+ *size = initgr_resp.ngrps + 1;
}
if (respdata == NULL)
{
/* Read the data from the socket. */
- if ((size_t) __readall (sock, *groupsp, initgr_resp->ngrps
+ if ((size_t) __readall (sock, *groupsp, initgr_resp.ngrps
* sizeof (gid_t))
- == initgr_resp->ngrps * sizeof (gid_t))
- retval = initgr_resp->ngrps;
+ == initgr_resp.ngrps * sizeof (gid_t))
+ retval = initgr_resp.ngrps;
}
else
{
/* Just copy the data. */
- retval = initgr_resp->ngrps;
+ retval = initgr_resp.ngrps;
memcpy (*groupsp, respdata, retval * sizeof (gid_t));
}
}
else
{
- if (__builtin_expect (initgr_resp->found == -1, 0))
+ if (__builtin_expect (initgr_resp.found == -1, 0))
{
/* The daemon does not cache this database. */
__nss_not_use_nscd_group = 1;
@@ -153,19 +159,21 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size,
if (sock != -1)
close_not_cancel_no_status (sock);
out:
- if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
+ if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
{
/* When we come here this means there has been a GC cycle while we
were looking for the data. This means the data might have been
inconsistent. Retry if possible. */
- if ((gc_cycle & 1) != 0)
+ if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
{
/* nscd is just running gc now. Disable using the mapping. */
- __nscd_unmap (mapped);
+ if (atomic_decrement_val (&mapped->counter) == 0)
+ __nscd_unmap (mapped);
mapped = NO_MAPPING;
}
- goto retry;
+ if (retval != -1)
+ goto retry;
}
return retval;
diff --git a/nscd/pwdcache.c b/nscd/pwdcache.c
index 01c223add5..ae579df510 100644
--- a/nscd/pwdcache.c
+++ b/nscd/pwdcache.c
@@ -1,5 +1,5 @@
/* Cache handling for passwd lookup.
- Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc.
+ Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
@@ -274,6 +274,7 @@ cache_addpw (struct database_dyn *db, int fd, request_header *req,
{
/* Adjust pointer into the memory block. */
cp = (char *) newp + (cp - (char *) dataset);
+ key_copy = (char *) newp + (key_copy - (char *) dataset);
dataset = memcpy (newp, dataset, total + n);
alloca_used = false;
diff --git a/nscd/selinux.c b/nscd/selinux.c
index f0620d1012..b826031150 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -1,5 +1,5 @@
/* SELinux access controls for nscd.
- Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
+ Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004.
@@ -182,18 +182,22 @@ preserve_capabilities (void)
if (tmp_caps == NULL || new_caps == NULL)
{
if (tmp_caps != NULL)
- free_caps (tmp_caps);
+ cap_free (tmp_caps);
dbg_log (_("Failed to initialize drop of capabilities"));
error (EXIT_FAILURE, 0, _("cap_init failed"));
}
/* There is no reason why these should not work. */
- cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list, new_cap_list, CAP_SET);
- cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list, new_cap_list, CAP_SET);
+ cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list,
+ (cap_value_t *) new_cap_list, CAP_SET);
+ cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list,
+ (cap_value_t *) new_cap_list, CAP_SET);
- cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list, tmp_cap_list, CAP_SET);
- cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list, tmp_cap_list, CAP_SET);
+ cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list,
+ (cap_value_t *) tmp_cap_list, CAP_SET);
+ cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list,
+ (cap_value_t *) tmp_cap_list, CAP_SET);
int res = cap_set_proc (tmp_caps);
@@ -202,7 +206,7 @@ preserve_capabilities (void)
if (__builtin_expect (res != 0, 0))
{
cap_free (new_caps);
- dbg_log (_("Failed to drop capabilities"));
+ dbg_log (_("Failed to drop capabilities\n"));
error (EXIT_FAILURE, 0, _("cap_set_proc failed"));
}
diff --git a/nscd/selinux.h b/nscd/selinux.h
index 9ce0628486..27afcd6e86 100644
--- a/nscd/selinux.h
+++ b/nscd/selinux.h
@@ -1,5 +1,5 @@
/* Header for nscd SELinux access controls.
- Copyright (C) 2004, 2006 Free Software Foundation, Inc.
+ Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004.
@@ -23,7 +23,7 @@
#include "nscd.h"
#ifdef HAVE_LIBCAP
-# include <sys/capabilities.h>
+# include <sys/capability.h>
#endif
#ifdef HAVE_SELINUX