diff options
author | DJ Delorie <dj@redhat.com> | 2019-06-28 18:30:00 -0500 |
---|---|---|
committer | DJ Delorie <dj@redhat.com> | 2019-07-10 14:51:18 -0400 |
commit | 99135114ba23c3110b7e4e650fabdc5e639746b7 (patch) | |
tree | 09e4349308db59321eddff440eadaa630f60575b /nss | |
parent | 30ba0375464f34e4bf8129f3d3dc14d0c09add17 (diff) | |
download | glibc-99135114ba23c3110b7e4e650fabdc5e639746b7.tar glibc-99135114ba23c3110b7e4e650fabdc5e639746b7.tar.gz glibc-99135114ba23c3110b7e4e650fabdc5e639746b7.tar.bz2 glibc-99135114ba23c3110b7e4e650fabdc5e639746b7.zip |
nss_db: fix endent wrt NULL mappings [BZ #24695] [BZ #24696]
nss_db allows for getpwent et al to be called without a set*ent,
but it only works once. After the last get*ent a set*ent is
required to restart, because the end*ent did not properly reset
the module. Resetting it to NULL allows for a proper restart.
If the database doesn't exist, however, end*ent erroniously called
munmap which set errno.
The test case runs "makedb" inside the testroot, so needs selinux
DSOs installed.
Diffstat (limited to 'nss')
-rw-r--r-- | nss/Makefile | 4 | ||||
-rw-r--r-- | nss/nss_db/db-open.c | 6 | ||||
-rw-r--r-- | nss/tst-nss-db-endgrent.c | 54 | ||||
-rw-r--r-- | nss/tst-nss-db-endgrent.root/etc/nsswitch.conf | 1 | ||||
-rw-r--r-- | nss/tst-nss-db-endpwent.c | 66 | ||||
-rw-r--r-- | nss/tst-nss-db-endpwent.root/etc/nsswitch.conf | 1 | ||||
-rw-r--r-- | nss/tst-nss-db-endpwent.root/var/db/passwd.in | 4 |
7 files changed, 134 insertions, 2 deletions
diff --git a/nss/Makefile b/nss/Makefile index 95081bddc5..a15c3b7d90 100644 --- a/nss/Makefile +++ b/nss/Makefile @@ -61,7 +61,9 @@ xtests = bug-erange tests-container = \ tst-nss-test3 \ - tst-nss-files-hosts-long + tst-nss-files-hosts-long \ + tst-nss-db-endpwent \ + tst-nss-db-endgrent # Tests which need libdl ifeq (yes,$(build-shared)) diff --git a/nss/nss_db/db-open.c b/nss/nss_db/db-open.c index 8a83d6b930..3fa11e9ab0 100644 --- a/nss/nss_db/db-open.c +++ b/nss/nss_db/db-open.c @@ -63,5 +63,9 @@ internal_setent (const char *file, struct nss_db_map *mapping) void internal_endent (struct nss_db_map *mapping) { - munmap (mapping->header, mapping->len); + if (mapping->header != NULL) + { + munmap (mapping->header, mapping->len); + mapping->header = NULL; + } } diff --git a/nss/tst-nss-db-endgrent.c b/nss/tst-nss-db-endgrent.c new file mode 100644 index 0000000000..367cc6c901 --- /dev/null +++ b/nss/tst-nss-db-endgrent.c @@ -0,0 +1,54 @@ +/* Test for endgrent changing errno for BZ #24696 + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <stdlib.h> +#include <sys/types.h> +#include <grp.h> +#include <unistd.h> +#include <errno.h> + +#include <support/check.h> +#include <support/support.h> + +/* The following test verifies that if the db NSS Service is initialized + with no database (getgrent), that a subsequent closure (endgrent) does + not set errno. In the case of the db service it is not an error to close + the service and so it should not set errno. */ + +static int +do_test (void) +{ + /* Just make sure it's not there, although usually it won't be. */ + unlink ("/var/db/group.db"); + + /* This, in conjunction with the testroot's nsswitch.conf, causes + the nss_db module to be "connected" and initialized - but the + testroot has no group.db, so no mapping will be created. */ + getgrent (); + + errno = 0; + + /* Before the fix, this would call munmap (NULL) and set errno. */ + endgrent (); + + if (errno != 0) + FAIL_EXIT1 ("endgrent set errno to %d\n", errno); + + return 0; +} +#include <support/test-driver.c> diff --git a/nss/tst-nss-db-endgrent.root/etc/nsswitch.conf b/nss/tst-nss-db-endgrent.root/etc/nsswitch.conf new file mode 100644 index 0000000000..21471df94f --- /dev/null +++ b/nss/tst-nss-db-endgrent.root/etc/nsswitch.conf @@ -0,0 +1 @@ +group : db files diff --git a/nss/tst-nss-db-endpwent.c b/nss/tst-nss-db-endpwent.c new file mode 100644 index 0000000000..cb85410b7c --- /dev/null +++ b/nss/tst-nss-db-endpwent.c @@ -0,0 +1,66 @@ +/* Test for endpwent->getpwent crash for BZ #24695 + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <pwd.h> + +#include <support/support.h> +#include <support/check.h> + +/* It is entirely allowed to start with a getpwent call without + resetting the state of the service via a call to setpwent. + You can also call getpwent more times than you have entries in + the service, and it should not fail. This test iteratates the + database once, gets to the end, and then attempts a second + iteration to look for crashes. */ + +static void +try_it (void) +{ + struct passwd *pw; + + /* setpwent is intentionally omitted here. The first call to + getpwent detects that it's first and initializes. The second + time try_it is called, this "first call" was not detected before + the fix, and getpwent would crash. */ + + while ((pw = getpwent ()) != NULL) + ; + + /* We only care if this segfaults or not. */ + endpwent (); +} + +static int +do_test (void) +{ + char *cmd; + + cmd = xasprintf ("%s/makedb -o /var/db/passwd.db /var/db/passwd.in", + support_bindir_prefix); + system (cmd); + free (cmd); + + try_it (); + try_it (); + + return 0; +} +#include <support/test-driver.c> diff --git a/nss/tst-nss-db-endpwent.root/etc/nsswitch.conf b/nss/tst-nss-db-endpwent.root/etc/nsswitch.conf new file mode 100644 index 0000000000..593ffc564a --- /dev/null +++ b/nss/tst-nss-db-endpwent.root/etc/nsswitch.conf @@ -0,0 +1 @@ +passwd: db diff --git a/nss/tst-nss-db-endpwent.root/var/db/passwd.in b/nss/tst-nss-db-endpwent.root/var/db/passwd.in new file mode 100644 index 0000000000..98f39126ef --- /dev/null +++ b/nss/tst-nss-db-endpwent.root/var/db/passwd.in @@ -0,0 +1,4 @@ +.root root:x:0:0:root:/root:/bin/bash +=0 root:x:0:0:root:/root:/bin/bash +.bin bin:x:1:1:bin:/bin:/sbin/nologin +=1 bin:x:1:1:bin:/bin:/sbin/nologin |