aboutsummaryrefslogtreecommitdiff
path: root/nss/nss_files
AgeCommit message (Collapse)Author
2019-05-16nss_files: Remove RES_USE_INET6 from hosts processingFlorian Weimer
Since commit 3f8b44be0a658266adff5ece1e4bc3ce097a5dbe ("resolv: Remove support for RES_USE_INET6 and the inet6 option"), res_use_inet6 () always evaluates to false.
2019-01-31nss_files: Fix /etc/aliases null pointer dereference [BZ #24059]Florian Weimer
If /etc/aliases ends with a continuation line (a line that starts with whitespace) which does not have a trailing newline character, the file parser would crash due to a null pointer dereference. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-01-01Update copyright dates with scripts/update-copyrights.Joseph Myers
* All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
2018-08-14nss_files: Fix file stream leak in aliases lookup [BZ #23521]Florian Weimer
In order to get a clean test case, it was necessary to fix partially fixed bug 23522 as well.
2018-07-06nss_files: Fix re-reading of long lines [BZ #18991]Florian Weimer
Use the new __libc_readline_unlocked function to pick up reading at the same line in case the buffer needs to be enlarged.
2018-06-25nss_files: Use struct scratch_buffer instead of extend_alloca [BZ #18023]Florian Weimer
2018-01-01Update copyright dates with scripts/update-copyrights.Joseph Myers
* All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
2017-10-11nss_files: Avoid large buffers with many host addresses [BZ #22078]Florian Weimer
The previous implementation had at least a quadratic space requirement in the number of host addresses and aliases.
2017-10-11nss_files: Use struct scratch_buffer for gethostbyname [BZ #18023]Florian Weimer
2017-10-10nss_files: Refactor gethostbyname3 multi case into separate functionFlorian Weimer
This is in preparation of further cleanup work.
2017-04-18Assume that O_CLOEXEC is always defined and worksFlorian Weimer
2017-01-01Update copyright dates with scripts/update-copyrights.Joseph Myers
2016-12-31resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582]Florian Weimer
2016-01-04Update copyright dates with scripts/update-copyrights.Joseph Myers
2015-09-08Move bits/libc-lock.h and bits/libc-lockP.h out of bits/ (bug 14912).Joseph Myers
It was noted in <https://sourceware.org/ml/libc-alpha/2012-09/msg00305.html> that the bits/*.h naming scheme should only be used for installed headers. This patch renames bits/libc-lock.h to plain libc-lock.h and bits/libc-lockP.h to plain libc-lockP.h to follow that convention. Note that I don't know where libc-lockP.h comes from for Hurd (the Hurd libc-lock.h includes libc-lockP.h, but the only libc-lockP.h in the glibc source tree is for NPTL) - some unmerged patch? - but I updated the #include in the Hurd libc-lock.h anyway. Tested for x86_64 (testsuite, and that installed stripped shared libraries are unchanged by the patch). [BZ #14912] * bits/libc-lock.h: Move to ... * sysdeps/generic/libc-lock.h: ...here. (_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H. * sysdeps/mach/hurd/bits/libc-lock.h: Move to ... * sysdeps/mach/hurd/libc-lock.h: ...here. (_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H. [_LIBC]: Include <libc-lockP.h> instead of <bits/libc-lockP.h>. * sysdeps/mach/bits/libc-lock.h: Move to ... * sysdeps/mach/libc-lock.h: ...here. (_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H. * sysdeps/nptl/bits/libc-lock.h: Move to ... * sysdeps/nptl/libc-lock.h: ...here. (_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H. * sysdeps/nptl/bits/libc-lockP.h: Move to ... * sysdeps/nptl/libc-lockP.h: ...here. (_BITS_LIBC_LOCKP_H): Rename macro to _LIBC_LOCKP_H. * crypt/crypt_util.c: Include <libc-lock.h> instead of <bits/libc-lock.h>. * dirent/scandir-tail.c: Likewise. * dlfcn/dlerror.c: Likewise. * elf/dl-close.c: Likewise. * elf/dl-iteratephdr.c: Likewise. * elf/dl-lookup.c: Likewise. * elf/dl-open.c: Likewise. * elf/dl-support.c: Likewise. * elf/dl-writev.h: Likewise. * elf/rtld.c: Likewise. * grp/fgetgrent.c: Likewise. * gshadow/fgetsgent.c: Likewise. * gshadow/sgetsgent.c: Likewise. * iconv/gconv_conf.c: Likewise. * iconv/gconv_db.c: Likewise. * iconv/gconv_dl.c: Likewise. * iconv/gconv_int.h: Likewise. * iconv/gconv_trans.c: Likewise. * include/link.h: Likewise. * inet/getnameinfo.c: Likewise. * inet/getnetgrent.c: Likewise. * inet/getnetgrent_r.c: Likewise. * intl/bindtextdom.c: Likewise. * intl/dcigettext.c: Likewise. * intl/finddomain.c: Likewise. * intl/gettextP.h: Likewise. * intl/loadmsgcat.c: Likewise. * intl/localealias.c: Likewise. * intl/textdomain.c: Likewise. * libidn/idn-stub.c: Likewise. * libio/libioP.h: Likewise. * locale/duplocale.c: Likewise. * locale/freelocale.c: Likewise. * locale/newlocale.c: Likewise. * locale/setlocale.c: Likewise. * login/getutent_r.c: Likewise. * login/getutid_r.c: Likewise. * login/getutline_r.c: Likewise. * login/utmp-private.h: Likewise. * login/utmpname.c: Likewise. * malloc/mtrace.c: Likewise. * misc/efgcvt.c: Likewise. * misc/error.c: Likewise. * misc/fstab.c: Likewise. * misc/getpass.c: Likewise. * misc/mntent.c: Likewise. * misc/syslog.c: Likewise. * nis/nis_call.c: Likewise. * nis/nis_callback.c: Likewise. * nis/nss-default.c: Likewise. * nis/nss_compat/compat-grp.c: Likewise. * nis/nss_compat/compat-initgroups.c: Likewise. * nis/nss_compat/compat-pwd.c: Likewise. * nis/nss_compat/compat-spwd.c: Likewise. * nis/nss_nis/nis-alias.c: Likewise. * nis/nss_nis/nis-ethers.c: Likewise. * nis/nss_nis/nis-grp.c: Likewise. * nis/nss_nis/nis-hosts.c: Likewise. * nis/nss_nis/nis-network.c: Likewise. * nis/nss_nis/nis-proto.c: Likewise. * nis/nss_nis/nis-pwd.c: Likewise. * nis/nss_nis/nis-rpc.c: Likewise. * nis/nss_nis/nis-service.c: Likewise. * nis/nss_nis/nis-spwd.c: Likewise. * nis/nss_nisplus/nisplus-alias.c: Likewise. * nis/nss_nisplus/nisplus-ethers.c: Likewise. * nis/nss_nisplus/nisplus-grp.c: Likewise. * nis/nss_nisplus/nisplus-hosts.c: Likewise. * nis/nss_nisplus/nisplus-initgroups.c: Likewise. * nis/nss_nisplus/nisplus-network.c: Likewise. * nis/nss_nisplus/nisplus-proto.c: Likewise. * nis/nss_nisplus/nisplus-pwd.c: Likewise. * nis/nss_nisplus/nisplus-rpc.c: Likewise. * nis/nss_nisplus/nisplus-service.c: Likewise. * nis/nss_nisplus/nisplus-spwd.c: Likewise. * nis/ypclnt.c: Likewise. * nptl/libc_pthread_init.c: Likewise. * nss/getXXbyYY.c: Likewise. * nss/getXXent.c: Likewise. * nss/getXXent_r.c: Likewise. * nss/nss_db/db-XXX.c: Likewise. * nss/nss_db/db-netgrp.c: Likewise. * nss/nss_db/nss_db.h: Likewise. * nss/nss_files/files-XXX.c: Likewise. * nss/nss_files/files-alias.c: Likewise. * nss/nsswitch.c: Likewise. * posix/regex_internal.h: Likewise. * posix/wordexp.c: Likewise. * pwd/fgetpwent.c: Likewise. * resolv/res_hconf.c: Likewise. * resolv/res_libc.c: Likewise. * shadow/fgetspent.c: Likewise. * shadow/lckpwdf.c: Likewise. * shadow/sgetspent.c: Likewise. * socket/opensock.c: Likewise. * stdio-common/reg-modifier.c: Likewise. * stdio-common/reg-printf.c: Likewise. * stdio-common/reg-type.c: Likewise. * stdio-common/vfprintf.c: Likewise. * stdio-common/vfscanf.c: Likewise. * stdlib/abort.c: Likewise. * stdlib/cxa_atexit.c: Likewise. * stdlib/fmtmsg.c: Likewise. * stdlib/random.c: Likewise. * stdlib/setenv.c: Likewise. * string/strsignal.c: Likewise. * sunrpc/auth_none.c: Likewise. * sunrpc/bindrsvprt.c: Likewise. * sunrpc/create_xid.c: Likewise. * sunrpc/key_call.c: Likewise. * sunrpc/rpc_thread.c: Likewise. * sysdeps/arm/backtrace.c: Likewise. * sysdeps/generic/ldsodefs.h: Likewise. * sysdeps/generic/stdio-lock.h: Likewise. * sysdeps/generic/unwind-dw2-fde.c: Likewise. * sysdeps/i386/backtrace.c: Likewise. * sysdeps/ieee754/ldbl-opt/nldbl-compat.c: Likewise. * sysdeps/m68k/backtrace.c: Likewise. * sysdeps/mach/hurd/cthreads.c: Likewise. * sysdeps/mach/hurd/dirstream.h: Likewise. * sysdeps/mach/hurd/malloc-machine.h: Likewise. * sysdeps/nptl/malloc-machine.h: Likewise. * sysdeps/nptl/stdio-lock.h: Likewise. * sysdeps/posix/dirstream.h: Likewise. * sysdeps/posix/getaddrinfo.c: Likewise. * sysdeps/posix/system.c: Likewise. * sysdeps/pthread/aio_suspend.c: Likewise. * sysdeps/s390/s390-32/backtrace.c: Likewise. * sysdeps/s390/s390-64/backtrace.c: Likewise. * sysdeps/unix/sysv/linux/check_pf.c: Likewise. * sysdeps/unix/sysv/linux/if_index.c: Likewise. * sysdeps/unix/sysv/linux/s390/s390-32/getutent_r.c: Likewise. * sysdeps/unix/sysv/linux/s390/s390-32/getutid_r.c: Likewise. * sysdeps/unix/sysv/linux/s390/s390-32/getutline_r.c: Likewise. * sysdeps/unix/sysv/linux/shm-directory.c: Likewise. * sysdeps/unix/sysv/linux/system.c: Likewise. * sysdeps/x86_64/backtrace.c: Likewise. * time/alt_digit.c: Likewise. * time/era.c: Likewise. * time/tzset.c: Likewise. * wcsmbs/wcsmbsload.c: Likewise. * nptl/tst-initializers1.c (do_test): Refer to <libc-lock.h> instead of <bits/libc-lock.h> in comment.
2015-05-11Separate internal state between getXXent and getXXbyYY NSS calls (bug 18007)Andreas Schwab
2015-04-29CVE-2014-8121: Do not close NSS files database during iteration [BZ #18007]Florian Weimer
Robin Hack discovered Samba would enter an infinite loop processing certain quota-related requests. We eventually tracked this down to a glibc issue. Running a (simplified) test case under strace shows that /etc/passwd is continuously opened and closed: … open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 lseek(3, 0, SEEK_CUR) = 0 read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717 lseek(3, 2717, SEEK_SET) = 2717 close(3) = 0 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 lseek(3, 0, SEEK_CUR) = 0 lseek(3, 0, SEEK_SET) = 0 read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717 lseek(3, 2717, SEEK_SET) = 2717 close(3) = 0 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 lseek(3, 0, SEEK_CUR) = 0 … The lookup function implementation in nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that. It is supposed skip closing the input file if it was already open. /* Reset file pointer to beginning or open file. */ \ status = internal_setent (keep_stream); \ \ if (status == NSS_STATUS_SUCCESS) \ { \ /* Tell getent function that we have repositioned the file pointer. */ \ last_use = getby; \ \ while ((status = internal_getent (result, buffer, buflen, errnop \ H_ERRNO_ARG EXTRA_ARGS_VALUE)) \ == NSS_STATUS_SUCCESS) \ { break_if_match } \ \ if (! keep_stream) \ internal_endent (); \ } \ keep_stream is initialized from the stayopen flag in internal_setent. internal_setent is called from the set*ent implementation as: status = internal_setent (stayopen); However, for non-host database, this flag is always 0, per the STAYOPEN magic in nss/getXXent_r.c. Thus, the fix is this: - status = internal_setent (stayopen); + status = internal_setent (1); This is not a behavioral change even for the hosts database (where the application can specify the stayopen flag) because with a call to sethostent(0), the file handle is still not closed in the implementation of gethostent.
2015-03-13Enhance nscd's inotify support (Bug 14906).Carlos O'Donell
In bug 14906 the user complains that the inotify support in nscd is not sufficient when it comes to detecting changes in the configurationfiles that should be watched for the various databases. The current nscd implementation uses inotify to watch for changes in the configuration files, but adds watches only for IN_DELETE_SELF and IN_MODIFY. These watches are insufficient to cover even the most basic uses by a system administrator. For example using emacs or vim to edit a configuration file should trigger a reload but it might not if the editors use move to atomically update the file. This atomic update changes the inode and thus removes the notification on the file (as inotify is based on inodes). Thus the inotify support in nscd for configuration files is insufficient to account for the average use cases of system administrators and users. The inotify support is significantly enhanced and described here: https://www.sourceware.org/ml/libc-alpha/2015-02/msg00504.html Tested on x86_64 with and without inotify support.
2015-01-02Update copyright dates with scripts/update-copyrights.Joseph Myers
2014-11-24Remove IS_IN_libcSiddhesh Poyarekar
Replace it with IS_IN (libc) and remove the one place that it is defined in. The generated code remains unchanged on x86_64. * include/shlib-compat.h [!NOT_IN_libc]: Remove. * nss/nss_files/files-parse.c (IS_IN_libc): Replace with IS_IN (libc).
2014-11-21BZ#14498: fix infinite loop in nss_db_getservbynameAlexandre Oliva
nss_db uses nss_files code for services, but a continue on protocol mismatch that doesn't affect nss_files skipped the code that advanced to the next db entry. Any one of these changes would suffice to fix it, but fixing both makes them both safer to reuse elsewhere. for ChangeLog [BZ #14498] * NEWS: Fixed. * nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx after parsing line but before break_if_match. * nss/nss_files/files-service (DB_LOOKUP): Don't "continue;" if there is a protocol mismatch.
2014-06-23Don't ignore too long lines in nss_files (BZ #17079)Andreas Schwab
2014-05-26Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878)Siddhesh Poyarekar
The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL (with errno as ERANGE) when the supplied buffer does not have sufficient space for the result. This is wrong, because the canonical way to indicate insufficient buffer is to set the errno to ERANGE and the status to NSS_STATUS_TRYAGAIN, as is used by all other modules. This fixes nscd behaviour when the nss_ldap module returns NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to fit into the supplied buffer.
2014-02-10Use glibc_likely instead __builtin_expect.Ondřej Bílka
2014-01-27Fix invalid memory access when parsing netgroup files with blank lines (BZ ↵Siddhesh Poyarekar
#16506) The netgroups file parsing code tries to access the character before the newline in parsed lines to see if it is a backslash (\). This results in an access before the block allocated for the line if the line is blank, i.e. does not have anything other than the newline character. This doesn't seem like it will cause any crashes because the byte belongs to the malloc metadata block and hence access to it will always succeed. There could be an invalid alteration in code flow where a blank line is seen as a continuation due to the preceding byte *happening* to be '\\'. This could be done by interposing malloc, but that's not really a security problem since one could interpose getnetgrent_r itself and achieve a similar 'exploit'. The possibility of actually exploiting this is remote to impossible since it also requires the previous line to end with a '\\', which would happen only on invalid configurations.
2014-01-01Update copyright notices with scripts/update-copyrightsAllan McRae
2013-12-02Use herrnop directlySiddhesh Poyarekar
H_ERRNO_ARGS is unnecessary since we this file is specifically for hosts lookup.
2013-11-28Get canonical name in getaddrinfo from hosts file for AF_INET (fixes 16077)Siddhesh Poyarekar
AF_INET lookup in hosts file uses _nss_files_gethostbyname2_r, which is not capable of returning a canonical name if it has found one. This change adds _nss_files_gethostbyname3_r, which wraps around _nss_files_gethostbyname2_r and then returns result.h_name as the canonical name.
2013-10-30Fix reads for sizes larger than INT_MAX in AF_INET lookupSiddhesh Poyarekar
Currently for AF_INET lookups from the hosts file, buffer sizes larger than INT_MAX silently overflow and may result in access beyond bounds of a buffer. This happens when the number of results in an AF_INET lookup in /etc/hosts are very large. There are two aspects to the problem. One problem is that the size computed from the buffer size is stored into an int, which results in overflow for large sizes. Additionally, even if this size was expanded, the function used to read content into the buffer (fgets) accepts only int sizes. As a result, the fix is to have a function wrap around fgets that calls it multiple times with int sizes if necessary.
2013-08-26Use proper #include for xdecrypt declarations.Roland McGrath
2013-06-06Fix leading whitespaces.Ondrej Bilka
2013-05-16Add #include <stdint.h> for uint[32|64]_t usage (except installed headers).Ryan S. Arnold
2013-04-23Remove non-standard initialisation of flexible array memberAndreas Schwab
This avoids GCC bug 28865.
2013-01-02Update copyright notices with scripts/update-copyrights.Joseph Myers
2012-08-22BZ#13696: Add --disable-nscd configure option.Roland McGrath
2012-07-30Fix lots of bitrot for stub configurations.Roland McGrath
2012-02-09Replace FSF snail mail address with URLs.Paul Eggert
2011-11-15Clean up internal fopen usesUlrich Drepper
No need to ever not use c and e.
2011-11-07Fix buffer allocation in files initgroups handlerAndreas Schwab
2011-10-07Implement caching of nscdUlrich Drepper
2011-09-28Optimize libnss_files initializationUlrich Drepper
2011-09-27Correctly reparse group line after enlarging the bufferAndreas Schwab
2011-08-20More optimizations of nss_filesUlrich Drepper
2011-08-20Minor optimizatin in alias lookup in files NSS moduleUlrich Drepper
2011-07-11Generalize framework to register monitoring of files in nscdUlrich Drepper
nscd can clear caches when certain files change. The list of files was hardcoded so far and worked for nss_files and nss_dns and those modules which need no monitoring. nss_db, for instance, has its own set of files to monitor. Now the NSS modules themselves can request that certain files are monitored.
2011-06-15Reenable nss_db with a completely new implementationUlrich Drepper
No longer is Berkeley db used. Instead a simple hash function is used. The database files are not updated once they are created and therefore no complicated database is needed.
2011-05-06Report if no record is found by initgroups in nss_files.Ulrich Drepper
2011-04-21Fix reallocation bug in last nss_files change.Ulrich Drepper
2011-04-19Fix little issue with last change.Ulrich Drepper
2011-04-19Define initgroups callback for nss_files.Ulrich Drepper