diff options
| author | Siddhesh Poyarekar <siddhesh@redhat.com> | 2014-05-26 11:40:08 +0530 |
|---|---|---|
| committer | Allan McRae <allan@archlinux.org> | 2014-09-05 22:44:10 +1000 |
| commit | 6ccc1c41f52f93548b5eb64d106219e287052472 (patch) | |
| tree | ef95b0851f1f46376ab14d7c45e318a6efb54276 | |
| parent | 4e27332819b6151ccb5031d0efd718d802168573 (diff) | |
| download | glibc-6ccc1c41f52f93548b5eb64d106219e287052472.tar.gz glibc-6ccc1c41f52f93548b5eb64d106219e287052472.tar.xz glibc-6ccc1c41f52f93548b5eb64d106219e287052472.zip | |
Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878)
The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL (with errno as ERANGE) when the supplied buffer does not have sufficient space for the result. This is wrong, because the canonical way to indicate insufficient buffer is to set the errno to ERANGE and the status to NSS_STATUS_TRYAGAIN, as is used by all other modules. This fixes nscd behaviour when the nss_ldap module returns NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to fit into the supplied buffer. (cherry picked from commit c3ec475c5dd16499aa040908e11d382c3ded9692) Conflicts: NEWS
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | nscd/netgroupcache.c | 14 | ||||
| -rw-r--r-- | nss/nss_files/files-netgrp.c | 2 |
4 files changed, 19 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog index d84e14dd85..0255114fba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2014-05-26 Siddhesh Poyarekar <siddhesh@redhat.com> + + [BZ #16878] + * nscd/netgroupcache.c (addgetnetgrentX): Look for + NSS_STATUS_TRYAGAIN to indicate insufficient buffer space. + * nscd/nss_files/files-netgrp.c (_nss_netgroup_parseline): Use + NSS_STATUS_TRYAGAIN to indicate insufficient buffer space. + 2014-03-12 Siddhesh Poyarekar <siddhesh@redhat.com> [BZ #16695] diff --git a/NEWS b/NEWS index 58fe721c75..e84bae538f 100644 --- a/NEWS +++ b/NEWS @@ -9,8 +9,8 @@ Version 2.19.1 * The following bugs are resolved with this release: - 15946, 16545, 16574, 16623, 16695, 16882, 16885, 16916, 16932, 16943, - 16958, 17048, 17069. + 15946, 16545, 16574, 16623, 16695, 16878, 16882, 16885, 16916, 16932, + 16943, 16958, 17048, 17069. * CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not copy the path argument. This allowed programs to cause posix_spawn to diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c index fe7fc750e2..084f74df2f 100644 --- a/nscd/netgroupcache.c +++ b/nscd/netgroupcache.c @@ -203,11 +203,6 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, int e; status = getfct.f (&data, buffer + buffilled, buflen - buffilled - req->key_len, &e); - if (status == NSS_STATUS_RETURN - || status == NSS_STATUS_NOTFOUND) - /* This was either the last one for this group or the - group was empty. Look at next group if available. */ - break; if (status == NSS_STATUS_SUCCESS) { if (data.type == triple_val) @@ -322,11 +317,18 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, } } } - else if (status == NSS_STATUS_UNAVAIL && e == ERANGE) + else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE) { buflen *= 2; buffer = xrealloc (buffer, buflen); } + else if (status == NSS_STATUS_RETURN + || status == NSS_STATUS_NOTFOUND + || status == NSS_STATUS_UNAVAIL) + /* This was either the last one for this group or the + group was empty or the NSS module had an internal + failure. Look at next group if available. */ + break; } enum nss_status (*endfct) (struct __netgrent *); diff --git a/nss/nss_files/files-netgrp.c b/nss/nss_files/files-netgrp.c index 34eae4c5be..bc0b367da8 100644 --- a/nss/nss_files/files-netgrp.c +++ b/nss/nss_files/files-netgrp.c @@ -252,7 +252,7 @@ _nss_netgroup_parseline (char **cursor, struct __netgrent *result, if (cp - host > buflen) { *errnop = ERANGE; - status = NSS_STATUS_UNAVAIL; + status = NSS_STATUS_TRYAGAIN; } else { |