summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog8
-rw-r--r--nis/nss_compat/compat-grp.c82
-rw-r--r--nis/nss_compat/compat-initgroups.c24
-rw-r--r--nis/nss_compat/compat-pwd.c74
-rw-r--r--nis/nss_compat/compat-spwd.c48
-rw-r--r--nptl/sysdeps/pthread/pthread.h18
6 files changed, 148 insertions, 106 deletions
diff --git a/ChangeLog b/ChangeLog
index 71cd45bf05..f68cfd110e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2004-09-11  Thorsten Kukuk  <kukuk@suse.de>
+
+	* nis/nss_compat/compat-grp.c: Check that buflen is greater zero
+	before writing data into the buffer with negative offset.
+	* nis/nss_compat/compat-initgroups.c: Likewise.
+	* nis/nss_compat/compat-pwd.c: Likewise.
+	* nis/nss_compat/compat-spwd.c Likewise.
+
 2004-09-12  Ulrich Drepper  <drepper@redhat.com>
 
 	* misc/syslog.c (vsyslog): Fix copying of PID in case of
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c
index 85414ed81d..08bf5d2f80 100644
--- a/nis/nss_compat/compat-grp.c
+++ b/nis/nss_compat/compat-grp.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996,1997,1998,1999,2001,2002, 2003 Free Software Foundation, Inc.
+/* Copyright (C) 1996-1999,2001,2002,2003,2004 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
 
@@ -253,17 +253,25 @@ getgrent_next_file (struct group *result, ent_t *ent,
 
       do
 	{
+	  /* We need at least 3 characters for one line.  */
+	  if (__builtin_expect (buflen < 3, 0))
+	    {
+	    erange:
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  fgetpos (ent->stream, &pos);
 	  buffer[buflen - 1] = '\xff';
 	  p = fgets_unlocked (buffer, buflen, ent->stream);
 	  if (p == NULL && feof_unlocked (ent->stream))
 	    return NSS_STATUS_NOTFOUND;
 
-	  if (p == NULL || buffer[buflen - 1] != '\xff')
+	  if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
 	    {
+	    erange_reset:
 	      fsetpos (ent->stream, &pos);
-	      *errnop = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
+	      goto erange;
 	    }
 
 	  /* Terminate the line for any case.  */
@@ -279,13 +287,9 @@ getgrent_next_file (struct group *result, ent_t *ent,
 	     !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
 						   errnop)));
 
-      if (parse_res == -1)
-	{
-	  /* The parser ran out of space.  */
-	  fsetpos (ent->stream, &pos);
-	  *errnop = ERANGE;
-	  return NSS_STATUS_TRYAGAIN;
-	}
+      if (__builtin_expect (parse_res == -1, 0))
+	/* The parser ran out of space.  */
+	goto erange_reset;
 
       if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
 	/* This is a real entry.  */
@@ -315,17 +319,15 @@ getgrent_next_file (struct group *result, ent_t *ent,
 	  blacklist_store_name (buf, ent);
 	  if (status == NSS_STATUS_SUCCESS)	/* We found the entry. */
 	    break;
-	  else if (status == NSS_STATUS_RETURN	/* We couldn't parse the entry */
+	  else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry*/
 		   || status == NSS_STATUS_NOTFOUND)	/* No group in NIS */
 	    continue;
 	  else
 	    {
 	      if (status == NSS_STATUS_TRYAGAIN)
-		{
-		  /* The parser ran out of space.  */
-		  fsetpos (ent->stream, &pos);
-		  *errnop = ERANGE;
-		}
+		/* The parser ran out of space.  */
+		goto erange_reset;
+
 	      return status;
 	    }
 	}
@@ -384,17 +386,25 @@ internal_getgrnam_r (const char *name, struct group *result, ent_t *ent,
 
       do
 	{
+	  /* We need at least 3 characters for one line.  */
+	  if (__builtin_expect (buflen < 3, 0))
+	    {
+	    erange:
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  fgetpos (ent->stream, &pos);
 	  buffer[buflen - 1] = '\xff';
 	  p = fgets_unlocked (buffer, buflen, ent->stream);
 	  if (p == NULL && feof_unlocked (ent->stream))
 	    return NSS_STATUS_NOTFOUND;
 
-	  if (p == NULL || buffer[buflen - 1] != '\xff')
+	  if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
 	    {
+	    erange_reset:
 	      fsetpos (ent->stream, &pos);
-	      *errnop = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
+	      goto erange;
 	    }
 
 	  /* Terminate the line for any case.  */
@@ -410,13 +420,9 @@ internal_getgrnam_r (const char *name, struct group *result, ent_t *ent,
 	     !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
 						   errnop)));
 
-      if (parse_res == -1)
-	{
-	  /* The parser ran out of space.  */
-	  fsetpos (ent->stream, &pos);
-	  *errnop = ERANGE;
-	  return NSS_STATUS_TRYAGAIN;
-	}
+      if (__builtin_expect (parse_res == -1, 0))
+	/* The parser ran out of space.  */
+	goto erange_reset;
 
       /* This is a real entry.  */
       if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
@@ -511,17 +517,25 @@ internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent,
 
       do
 	{
+	  /* We need at least 3 characters for one line.  */
+	  if (__builtin_expect (buflen < 3, 0))
+	    {
+	    erange:
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  fgetpos (ent->stream, &pos);
 	  buffer[buflen - 1] = '\xff';
 	  p = fgets_unlocked (buffer, buflen, ent->stream);
 	  if (p == NULL && feof_unlocked (ent->stream))
 	    return NSS_STATUS_NOTFOUND;
 
-	  if (p == NULL || buffer[buflen - 1] != '\xff')
+	  if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
 	    {
+	    erange_reset:
 	      fsetpos (ent->stream, &pos);
-	      *errnop = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
+	      goto erange;
 	    }
 
 	  /* Terminate the line for any case.  */
@@ -538,12 +552,8 @@ internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent,
 						   errnop)));
 
       if (parse_res == -1)
-	{
-	  /* The parser ran out of space.  */
-	  fsetpos (ent->stream, &pos);
-	  *errnop = ERANGE;
-	  return NSS_STATUS_TRYAGAIN;
-	}
+	/* The parser ran out of space.  */
+	goto erange_reset;
 
       /* This is a real entry.  */
       if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
diff --git a/nis/nss_compat/compat-initgroups.c b/nis/nss_compat/compat-initgroups.c
index 100febc672..9574ea7c0b 100644
--- a/nis/nss_compat/compat-initgroups.c
+++ b/nis/nss_compat/compat-initgroups.c
@@ -327,17 +327,25 @@ internal_getgrent_r (ent_t *ent, char *buffer, size_t buflen, const char *user,
 
       do
 	{
+	  /* We need at least 3 characters for one line.  */
+	  if (__builtin_expect (buflen < 3, 0))
+	    {
+	    erange:
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  fgetpos (ent->stream, &pos);
 	  buffer[buflen - 1] = '\xff';
 	  p = fgets_unlocked (buffer, buflen, ent->stream);
 	  if (p == NULL && feof_unlocked (ent->stream))
 	    return NSS_STATUS_NOTFOUND;
 
-	  if (p == NULL || buffer[buflen - 1] != '\xff')
+	  if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
 	    {
+	    erange_reset:
 	      fsetpos (ent->stream, &pos);
-	      *errnop = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
+	      goto erange;
 	    }
 
 	  /* Terminate the line for any case.  */
@@ -353,13 +361,9 @@ internal_getgrent_r (ent_t *ent, char *buffer, size_t buflen, const char *user,
 	     !(parse_res = _nss_files_parse_grent (p, &grpbuf, data, buflen,
 						   errnop)));
 
-      if (parse_res == -1)
-	{
-	  /* The parser ran out of space.  */
-	  fsetpos (ent->stream, &pos);
-	  *errnop = ERANGE;
-	  return NSS_STATUS_TRYAGAIN;
-	}
+      if (__builtin_expect (parse_res == -1, 0))
+	/* The parser ran out of space.  */
+	goto erange_reset;
 
       if (grpbuf.gr_name[0] != '+' && grpbuf.gr_name[0] != '-')
 	/* This is a real entry.  */
diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c
index b8c5890b5b..89a6a7013e 100644
--- a/nis/nss_compat/compat-pwd.c
+++ b/nis/nss_compat/compat-pwd.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996-1999,2001,2002,2003 Free Software Foundation, Inc.
+/* Copyright (C) 1996-1999,2001,2002,2003,2004 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
 
@@ -499,17 +499,25 @@ getpwent_next_file (struct passwd *result, ent_t *ent,
 
       do
 	{
+	  /* We need at least 3 characters for one line.  */
+	  if (__builtin_expect (buflen < 3, 0))
+	    {
+	    erange:
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  fgetpos (ent->stream, &pos);
 	  buffer[buflen - 1] = '\xff';
 	  p = fgets_unlocked (buffer, buflen, ent->stream);
 	  if (p == NULL && feof_unlocked (ent->stream))
 	    return NSS_STATUS_NOTFOUND;
 
-	  if (p == NULL || buffer[buflen - 1] != '\xff')
+	  if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
 	    {
+	    erange_reset:
 	      fsetpos (ent->stream, &pos);
-	      *errnop = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
+	      goto erange;
 	    }
 
 	  /* Terminate the line for any case.  */
@@ -525,13 +533,9 @@ getpwent_next_file (struct passwd *result, ent_t *ent,
 	     !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
 						   errnop)));
 
-      if (parse_res == -1)
-	{
-	  /* The parser ran out of space.  */
-	  fsetpos (ent->stream, &pos);
-	  *errnop = ERANGE;
-	  return NSS_STATUS_TRYAGAIN;
-	}
+      if (__builtin_expect (parse_res == -1, 0))
+	/* The parser ran out of space.  */
+	goto erange_reset;
 
       if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
 	/* This is a real entry.  */
@@ -694,6 +698,14 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
 
       do
 	{
+	  /* We need at least 3 characters for one line.  */
+	  if (__builtin_expect (buflen < 3, 0))
+	    {
+	    erange:
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  fgetpos (ent->stream, &pos);
 	  buffer[buflen - 1] = '\xff';
 	  p = fgets_unlocked (buffer, buflen, ent->stream);
@@ -701,11 +713,11 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
 	    {
 	      return NSS_STATUS_NOTFOUND;
 	    }
-	  if (p == NULL || buffer[buflen - 1] != '\xff')
+	  if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
 	    {
+	    erange_reset:
 	      fsetpos (ent->stream, &pos);
-	      *errnop = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
+	      goto erange;
 	    }
 
 	  /* Terminate the line for any case.  */
@@ -721,13 +733,9 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
 	     !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
 						   errnop)));
 
-      if (parse_res == -1)
-	{
-	  /* The parser ran out of space.  */
-	  fsetpos (ent->stream, &pos);
-	  *errnop = ERANGE;
-	  return NSS_STATUS_TRYAGAIN;
-	}
+      if (__builtin_expect (parse_res == -1, 0))
+	/* The parser ran out of space.  */
+	goto erange_reset;
 
       /* This is a real entry.  */
       if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
@@ -897,17 +905,25 @@ internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
 
       do
 	{
+	  /* We need at least 3 characters for one line.  */
+	  if (__builtin_expect (buflen < 3, 0))
+	    {
+	    erange:
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  fgetpos (ent->stream, &pos);
 	  buffer[buflen - 1] = '\xff';
 	  p = fgets_unlocked (buffer, buflen, ent->stream);
 	  if (p == NULL && feof_unlocked (ent->stream))
 	    return NSS_STATUS_NOTFOUND;
 
-	  if (p == NULL || buffer[buflen - 1] != '\xff')
+	  if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
 	    {
+	    erange_reset:
 	      fsetpos (ent->stream, &pos);
-	      *errnop = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
+	      goto erange;
 	    }
 
 	  /* Terminate the line for any case.  */
@@ -923,13 +939,9 @@ internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
 	     !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
 						   errnop)));
 
-      if (parse_res == -1)
-	{
-	  /* The parser ran out of space.  */
-	  fsetpos (ent->stream, &pos);
-	  *errnop = ERANGE;
-	  return NSS_STATUS_TRYAGAIN;
-	}
+      if (__builtin_expect (parse_res == -1, 0))
+	/* The parser ran out of space.  */
+	goto erange_reset;
 
       /* This is a real entry.  */
       if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c
index 55db10eadb..4ca6368139 100644
--- a/nis/nss_compat/compat-spwd.c
+++ b/nis/nss_compat/compat-spwd.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996-1999,2001,2002,2003 Free Software Foundation, Inc.
+/* Copyright (C) 1996-1999,2001,2002,2003,2004 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
 
@@ -451,17 +451,25 @@ getspent_next_file (struct spwd *result, ent_t *ent,
 
       do
 	{
+	  /* We need at least 3 characters for one line.  */
+	  if (__builtin_expect (buflen < 3, 0))
+	    {
+	    erange:
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  fgetpos (ent->stream, &pos);
 	  buffer[buflen - 1] = '\xff';
 	  p = fgets_unlocked (buffer, buflen, ent->stream);
 	  if (p == NULL && feof_unlocked (ent->stream))
 	    return NSS_STATUS_NOTFOUND;
 
-	  if (p == NULL || buffer[buflen - 1] != '\xff')
+	  if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
 	    {
+	    erange_reset:
 	      fsetpos (ent->stream, &pos);
-	      *errnop = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
+	      goto erange;
 	    }
 
 	  /* Skip leading blanks.  */
@@ -474,13 +482,9 @@ getspent_next_file (struct spwd *result, ent_t *ent,
 	     || !(parse_res = _nss_files_parse_spent (p, result, data,
 						      buflen, errnop)));
 
-      if (parse_res == -1)
-	{
-	  /* The parser ran out of space.  */
-	  fsetpos (ent->stream, &pos);
-	  *errnop = ERANGE;
-	  return NSS_STATUS_TRYAGAIN;
-	}
+      if (__builtin_expect (parse_res == -1, 0))
+	/* The parser ran out of space.  */
+	goto erange_reset;
 
       if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
 	/* This is a real entry.  */
@@ -645,6 +649,14 @@ internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
 
       do
 	{
+	  /* We need at least 3 characters for one line.  */
+	  if (__builtin_expect (buflen < 3, 0))
+	    {
+	    erange:
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
 	  fgetpos (ent->stream, &pos);
 	  buffer[buflen - 1] = '\xff';
 	  p = fgets_unlocked (buffer, buflen, ent->stream);
@@ -653,9 +665,9 @@ internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
 
 	  if (p == NULL || buffer[buflen - 1] != '\xff')
 	    {
+	    erange_reset:
 	      fsetpos (ent->stream, &pos);
-	      *errnop = ERANGE;
-	      return NSS_STATUS_TRYAGAIN;
+	      goto erange;
 	    }
 
           /* Terminate the line for any case.  */
@@ -671,13 +683,9 @@ internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
 	     !(parse_res = _nss_files_parse_spent (p, result, data, buflen,
 						   errnop)));
 
-      if (parse_res == -1)
-	{
-	  /* The parser ran out of space.  */
-	  fsetpos (ent->stream, &pos);
-	  *errnop = ERANGE;
-	  return NSS_STATUS_TRYAGAIN;
-	}
+      if (__builtin_expect (parse_res == -1, 0))
+	/* The parser ran out of space.  */
+	goto erange_reset;
 
       /* This is a real entry.  */
       if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
diff --git a/nptl/sysdeps/pthread/pthread.h b/nptl/sysdeps/pthread/pthread.h
index 18ccb83c50..27666483d9 100644
--- a/nptl/sysdeps/pthread/pthread.h
+++ b/nptl/sysdeps/pthread/pthread.h
@@ -83,7 +83,7 @@ enum
 
 
 /* Read-write lock types.  */
-#ifdef __USE_UNIX98
+#if defined __USE_UNIX98 || defined __USE_XOPEN2K
 enum
 {
   PTHREAD_RWLOCK_PREFER_READER_NP,
@@ -91,21 +91,21 @@ enum
   PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP,
   PTHREAD_RWLOCK_DEFAULT_NP = PTHREAD_RWLOCK_PREFER_READER_NP
 };
-#endif  /* Unix98 */
 
 /* Read-write lock initializers.  */
-#define PTHREAD_RWLOCK_INITIALIZER \
+# define PTHREAD_RWLOCK_INITIALIZER \
   { }
-#ifdef __USE_GNU
-# if __WORDSIZE == 64
-#  define PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP \
+# ifdef __USE_GNU
+#  if __WORDSIZE == 64
+#   define PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP \
   { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,					      \
       PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP } }
-# else
-#  define PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP \
+#  else
+#   define PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP \
   { { 0, 0, 0, 0, 0, 0, PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP } }
+#  endif
 # endif
-#endif
+#endif  /* Unix98 or XOpen2K */
 
 
 /* Scheduler inheritance.  */