author: Florian Weimer <fweimer@redhat.com> 2016-03-29 11:27:32 +0200
committer: Florian Weimer <fweimer@redhat.com> 2016-03-29 11:27:32 +0200
commit: a6033052d08027f745867e5e346852da1959226c
tree: 7223be0f10e3468f5c44ef9c259ec0a36f30ae85
parent: 0791f91dff9a77263fa8173b143d854cad902c6d
nss_db: Propagate ERANGE error if parse_line fails [BZ #19837]

Reproducer (needs to run as root):

perl -e \
  'print "large:x:999:" . join(",", map {"user$_"} (1 .. 135))."\n"' \
  >> /etc/group
cd /var/db
make
getent -s db group

After the fix, the last command should list the "large" group.

The magic number 135 has been chosen so that the line is shorter than
1024 bytes, but the pointers required to encode the member array will
cross the threshold, triggering the bug.

-rw-r--r-- ChangeLog 6
-rw-r--r-- nss/nss_db/db-XXX.c 4
2 files changed, 8 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index ad5d881ba7..ce6f8a2204 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2016-03-29  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #19837]
+	* nss/nss_db/db-XXX.c (_nss_db_getENTNAME_r): Propagate ERANGE
+	error if parse_line fails.
+
 2016-03-28   H.J. Lu  <hongjiu.lu@intel.com>
 
 	* sysdeps/x86/cpu-features.h (bit_cpu_ERMS): New.
diff --git a/nss/nss_db/db-XXX.c b/nss/nss_db/db-XXX.c
index 03c18d70de..125a5e9b12 100644
--- a/nss/nss_db/db-XXX.c
+++ b/nss/nss_db/db-XXX.c
@@ -288,8 +288,8 @@ CONCAT(_nss_db_get,ENTNAME_r) (struct STRUCTURE *result, char *buffer,
 	    }
 	  if (err < 0)
 	    {
-	      H_ERRNO_SET (HOST_NOT_FOUND);
-	      status = NSS_STATUS_NOTFOUND;
+	      H_ERRNO_SET (NETDB_INTERNAL);
+	      status = NSS_STATUS_TRYAGAIN;
 	      break;
 	    }
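
Review bot: in the `if (err < 0)` branch, the new `NSS_STATUS_TRYAGAIN` status is returned without any visible assignment of the errno value, while the subject line promises that ERANGE is propagated. The branch therefore depends on parse_line having already stored ERANGE for the caller, and on every negative return from parse_line meaning "buffer too small". A caller that sees TRYAGAIN with ERANGE will retry with a larger buffer, so if parse_line can return a negative value for any other reason the retry loop may grow the buffer without ever succeeding. Please add a short comment above `H_ERRNO_SET (NETDB_INTERNAL);` stating that parse_line sets ERANGE on this path, or set it explicitly here. The diffstat shows only ChangeLog and db-XXX.c changed, so the reproducer from the commit message is not captured as a regression test; noting in the message why (it needs root and writes /etc/group) would help future readers.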