about summary refs log tree commit diff
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2014-05-26 11:40:08 +0530
committerAllan McRae <allan@archlinux.org>2014-09-05 22:44:10 +1000
commit6ccc1c41f52f93548b5eb64d106219e287052472 (patch)
treeef95b0851f1f46376ab14d7c45e318a6efb54276
parent4e27332819b6151ccb5031d0efd718d802168573 (diff)
downloadglibc-6ccc1c41f52f93548b5eb64d106219e287052472.tar.gz
glibc-6ccc1c41f52f93548b5eb64d106219e287052472.tar.xz
glibc-6ccc1c41f52f93548b5eb64d106219e287052472.zip
Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878)
The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL
(with errno as ERANGE) when the supplied buffer does not have
sufficient space for the result.  This is wrong, because the canonical
way to indicate insufficient buffer is to set the errno to ERANGE and
the status to NSS_STATUS_TRYAGAIN, as is used by all other modules.

This fixes nscd behaviour when the nss_ldap module returns
NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to
fit into the supplied buffer.

(cherry picked from commit c3ec475c5dd16499aa040908e11d382c3ded9692)

Conflicts:
	NEWS
-rw-r--r--ChangeLog8
-rw-r--r--NEWS4
-rw-r--r--nscd/netgroupcache.c14
-rw-r--r--nss/nss_files/files-netgrp.c2
4 files changed, 19 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index d84e14dd85..0255114fba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2014-05-26  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16878]
+	* nscd/netgroupcache.c (addgetnetgrentX): Look for
+	NSS_STATUS_TRYAGAIN to indicate insufficient buffer space.
+	* nscd/nss_files/files-netgrp.c (_nss_netgroup_parseline): Use
+	NSS_STATUS_TRYAGAIN to indicate insufficient buffer space.
+
 2014-03-12  Siddhesh Poyarekar  <siddhesh@redhat.com>
 
 	[BZ #16695]
diff --git a/NEWS b/NEWS
index 58fe721c75..e84bae538f 100644
--- a/NEWS
+++ b/NEWS
@@ -9,8 +9,8 @@ Version 2.19.1
 
 * The following bugs are resolved with this release:
 
-  15946, 16545, 16574, 16623, 16695, 16882, 16885, 16916, 16932, 16943,
-  16958, 17048, 17069.
+  15946, 16545, 16574, 16623, 16695, 16878, 16882, 16885, 16916, 16932,
+  16943, 16958, 17048, 17069.
 
 * CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
   copy the path argument.  This allowed programs to cause posix_spawn to
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index fe7fc750e2..084f74df2f 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -203,11 +203,6 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
 		    int e;
 		    status = getfct.f (&data, buffer + buffilled,
 				       buflen - buffilled - req->key_len, &e);
-		    if (status == NSS_STATUS_RETURN
-			|| status == NSS_STATUS_NOTFOUND)
-		      /* This was either the last one for this group or the
-			 group was empty.  Look at next group if available.  */
-		      break;
 		    if (status == NSS_STATUS_SUCCESS)
 		      {
 			if (data.type == triple_val)
@@ -322,11 +317,18 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
 			      }
 			  }
 		      }
-		    else if (status == NSS_STATUS_UNAVAIL && e == ERANGE)
+		    else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
 		      {
 			buflen *= 2;
 			buffer = xrealloc (buffer, buflen);
 		      }
+		    else if (status == NSS_STATUS_RETURN
+			     || status == NSS_STATUS_NOTFOUND
+			     || status == NSS_STATUS_UNAVAIL)
+		      /* This was either the last one for this group or the
+			 group was empty or the NSS module had an internal
+			 failure.  Look at next group if available.  */
+		      break;
 		  }
 
 	      enum nss_status (*endfct) (struct __netgrent *);
diff --git a/nss/nss_files/files-netgrp.c b/nss/nss_files/files-netgrp.c
index 34eae4c5be..bc0b367da8 100644
--- a/nss/nss_files/files-netgrp.c
+++ b/nss/nss_files/files-netgrp.c
@@ -252,7 +252,7 @@ _nss_netgroup_parseline (char **cursor, struct __netgrent *result,
   if (cp - host > buflen)
     {
       *errnop = ERANGE;
-      status = NSS_STATUS_UNAVAIL;
+      status = NSS_STATUS_TRYAGAIN;
     }
   else
     {