about summary refs log tree commit diff
path: root/nscd
diff options
context:
space:
mode:
Diffstat (limited to 'nscd')
-rw-r--r--nscd/Makefile2
-rw-r--r--nscd/cache.c2
-rw-r--r--nscd/gai.c5
-rw-r--r--nscd/grpcache.c3
-rw-r--r--nscd/nscd-client.h10
-rw-r--r--nscd/nscd.c4
-rw-r--r--nscd/nscd.init9
-rw-r--r--nscd/nscd_getai.c71
-rw-r--r--nscd/nscd_getgr_r.c108
-rw-r--r--nscd/nscd_gethst_r.c147
-rw-r--r--nscd/nscd_getpw_r.c70
-rw-r--r--nscd/nscd_helper.c43
-rw-r--r--nscd/nscd_initgroups.c62
-rw-r--r--nscd/pwdcache.c3
-rw-r--r--nscd/selinux.c18
-rw-r--r--nscd/selinux.h4
16 files changed, 222 insertions, 339 deletions
diff --git a/nscd/Makefile b/nscd/Makefile
index 9c98018217..21657abeb7 100644
--- a/nscd/Makefile
+++ b/nscd/Makefile
@@ -119,9 +119,7 @@ CFLAGS-initgrcache.c += $(nscd-cflags)
 CFLAGS-gai.c += $(nscd-cflags)
 
 ifeq (yesyes,$(have-fpie)$(build-shared))
-ifeq (yes,$(have-z-relro))
 relro-LDFLAGS += -Wl,-z,now
-endif
 
 $(objpfx)nscd: $(addprefix $(objpfx),$(nscd-modules:=.o))
 	$(LINK.o) -pie -Wl,-O1 $(nscd-cflags) \
diff --git a/nscd/cache.c b/nscd/cache.c
index be9be2aa4f..ef986f374a 100644
--- a/nscd/cache.c
+++ b/nscd/cache.c
@@ -125,7 +125,7 @@ cache_add (int type, const void *key, size_t len, struct datahead *packet,
 
       dbg_log (_("add new entry \"%s\" of type %s for %s to cache%s"),
 	       str, serv2str[type], dbnames[table - dbs],
-	       first ? " (first)" : "");
+	       first ? _(" (first)") : "");
     }
 
   unsigned long int hash = __nis_hash (key, len) % table->head->module;
diff --git a/nscd/gai.c b/nscd/gai.c
index 68719d876a..2e706bdfe7 100644
--- a/nscd/gai.c
+++ b/nscd/gai.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 2004.
 
@@ -15,7 +15,6 @@
    along with this program; if not, write to the Free Software Foundation,
    Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
 
-#include <alloca.h>
 /* This file uses the getaddrinfo code but it compiles it without NSCD
    support.  We just need a few symbol renames.  */
 #define __getservbyname_r getservbyname_r
@@ -27,8 +26,6 @@
 #define __sendto sendto
 #define __strchrnul strchrnul
 #define __getline getline
-/* nscd uses 1MB or 2MB thread stacks.  */
-#define __libc_use_alloca(size) (size <= __MAX_ALLOCA_CUTOFF)
 
 #include <getaddrinfo.c>
 
diff --git a/nscd/grpcache.c b/nscd/grpcache.c
index c207492cc0..5a8fba4759 100644
--- a/nscd/grpcache.c
+++ b/nscd/grpcache.c
@@ -1,5 +1,5 @@
 /* Cache handling for group lookup.
-   Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc.
+   Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
 
@@ -279,7 +279,6 @@ cache_addgr (struct database_dyn *db, int fd, request_header *req,
 		  /* Adjust pointers into the memory block.  */
 		  gr_name = (char *) newp + (gr_name - (char *) dataset);
 		  cp = (char *) newp + (cp - (char *) dataset);
-		  key_copy = (char *) newp + (key_copy - (char *) dataset);
 
 		  dataset = memcpy (newp, dataset, total + n);
 		  alloca_used = false;
diff --git a/nscd/nscd-client.h b/nscd/nscd-client.h
index 8946b6315b..0fd2d9f547 100644
--- a/nscd/nscd-client.h
+++ b/nscd/nscd-client.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 1998, 1999, 2000, 2003, 2004, 2005, 2006, 2007
+/* Copyright (c) 1998, 1999, 2000, 2003, 2004, 2005, 2006
    Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
@@ -307,10 +307,10 @@ static inline int __nscd_drop_map_ref (struct mapped_database *map,
 
 
 /* Search the mapped database.  */
-extern struct datahead *__nscd_cache_search (request_type type,
-					     const char *key,
-					     size_t keylen,
-					     const struct mapped_database *mapped);
+extern const struct datahead *__nscd_cache_search (request_type type,
+						   const char *key,
+						   size_t keylen,
+						   const struct mapped_database *mapped);
 
 /* Wrappers around read, readv and write that only read/write less than LEN
    bytes on error or EOF.  */
diff --git a/nscd/nscd.c b/nscd/nscd.c
index add4698406..b68ae2f413 100644
--- a/nscd/nscd.c
+++ b/nscd/nscd.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1998-2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+/* Copyright (c) 1998-2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
 
@@ -402,7 +402,7 @@ print_version (FILE *stream, struct argp_state *state)
 Copyright (C) %s Free Software Foundation, Inc.\n\
 This is free software; see the source for copying conditions.  There is NO\n\
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
-"), "2006");
+"), "2007");
   fprintf (stream, gettext ("Written by %s.\n"),
 	   "Thorsten Kukuk and Ulrich Drepper");
 }
diff --git a/nscd/nscd.init b/nscd/nscd.init
index a0074b99e5..a882da7d8b 100644
--- a/nscd/nscd.init
+++ b/nscd/nscd.init
@@ -49,15 +49,8 @@ prog=nscd
 start () {
     [ -d /var/run/nscd ] || mkdir /var/run/nscd
     [ -d /var/db/nscd ] || mkdir /var/db/nscd
-    secure=""
-#   for table in passwd group hosts
-#   do
-#   	if egrep -q '^'$table':.*nisplus' /etc/nsswitch.conf; then
-#   	    /usr/lib/nscd_nischeck $table || secure="$secure -S $table,yes"
-#   	fi
-#   done
     echo -n $"Starting $prog: "
-    daemon /usr/sbin/nscd $secure
+    daemon /usr/sbin/nscd
     RETVAL=$?
     echo
     [ $RETVAL -eq 0 ] && touch /var/lock/subsys/nscd
diff --git a/nscd/nscd_getai.c b/nscd/nscd_getai.c
index 5df32dc6dc..b59c31ea26 100644
--- a/nscd/nscd_getai.c
+++ b/nscd/nscd_getai.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@redhat.com>, 2004.
 
@@ -42,7 +42,6 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
 {
   size_t keylen = strlen (key) + 1;
   int gc_cycle;
-  int nretries = 0;
 
   /* If the mapping is available, try to search there instead of
      communicating with the nscd.  */
@@ -51,53 +50,49 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
 			       &gc_cycle);
 
  retry:;
+  const ai_response_header *ai_resp = NULL;
   struct nscd_ai_result *resultbuf = NULL;
   const char *recend = (const char *) ~UINTMAX_C (0);
   char *respdata = NULL;
   int retval = -1;
   int sock = -1;
-  ai_response_header ai_resp;
 
   if (mapped != NO_MAPPING)
     {
-      struct datahead *found = __nscd_cache_search (GETAI, key, keylen,
-						    mapped);
+      const struct datahead *found = __nscd_cache_search (GETAI, key, keylen,
+							  mapped);
       if (found != NULL)
 	{
-	  respdata = (char *) (&found->data[0].aidata + 1);
-	  ai_resp = found->data[0].aidata;
+	  ai_resp = &found->data[0].aidata;
+	  respdata = (char *) (ai_resp + 1);
 	  recend = (const char *) found->data + found->recsize;
-	  /* Now check if we can trust ai_resp fields.  If GC is
-	     in progress, it can contain anything.  */
-	  if (mapped->head->gc_cycle != gc_cycle)
-	    {
-	      retval = -2;
-	      goto out;
-	    }
 	}
     }
 
   /* If we do not have the cache mapped, try to get the data over the
      socket.  */
-  if (respdata == NULL)
+  ai_response_header ai_resp_mem;
+  if (ai_resp == NULL)
     {
-      sock = __nscd_open_socket (key, keylen, GETAI, &ai_resp,
-				 sizeof (ai_resp));
+      sock = __nscd_open_socket (key, keylen, GETAI, &ai_resp_mem,
+				 sizeof (ai_resp_mem));
       if (sock == -1)
 	{
 	  /* nscd not running or wrong version.  */
 	  __nss_not_use_nscd_hosts = 1;
 	  goto out;
 	}
+
+      ai_resp = &ai_resp_mem;
     }
 
-  if (ai_resp.found == 1)
+  if (ai_resp->found == 1)
     {
-      size_t datalen = ai_resp.naddrs + ai_resp.addrslen + ai_resp.canonlen;
+      size_t datalen = ai_resp->naddrs + ai_resp->addrslen + ai_resp->canonlen;
 
-      /* This check really only affects the case where the data
+      /* This check is really only affects the case where the data
 	 comes from the mapped cache.  */
-      if (respdata + datalen > recend)
+      if ((char *) (ai_resp + 1) + datalen > recend)
 	{
 	  assert (sock == -1);
 	  goto out;
@@ -113,10 +108,10 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
 	}
 
       /* Set up the data structure, including pointers.  */
-      resultbuf->naddrs = ai_resp.naddrs;
+      resultbuf->naddrs = ai_resp->naddrs;
       resultbuf->addrs = (char *) (resultbuf + 1);
-      resultbuf->family = (uint8_t *) (resultbuf->addrs + ai_resp.addrslen);
-      if (ai_resp.canonlen != 0)
+      resultbuf->family = (uint8_t *) (resultbuf->addrs + ai_resp->addrslen);
+      if (ai_resp->canonlen != 0)
 	resultbuf->canon = (char *) (resultbuf->family + resultbuf->naddrs);
       else
 	resultbuf->canon = NULL;
@@ -142,13 +137,10 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
 
 	  /* Try to detect corrupt databases.  */
 	  if (resultbuf->canon != NULL
-	      && resultbuf->canon[ai_resp.canonlen - 1] != '\0')
+	      && resultbuf->canon[ai_resp->canonlen - 1] != '\0')
 	    /* We cannot use the database.  */
 	    {
-	      if (mapped->head->gc_cycle != gc_cycle)
-		retval = -2;
-	      else
-		free (resultbuf);
+	      free (resultbuf);
 	      goto out_close;
 	    }
 
@@ -158,7 +150,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
     }
   else
     {
-      if (__builtin_expect (ai_resp.found == -1, 0))
+      if (__builtin_expect (ai_resp->found == -1, 0))
 	{
 	  /* The daemon does not cache this database.  */
 	  __nss_not_use_nscd_hosts = 1;
@@ -166,7 +158,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
 	}
 
       /* Store the error number.  */
-      *h_errnop = ai_resp.error;
+      *h_errnop = ai_resp->error;
 
       /* The `errno' to some value != ERANGE.  */
       __set_errno (ENOENT);
@@ -178,25 +170,22 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop)
   if (sock != -1)
     close_not_cancel_no_status (sock);
  out:
-  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
+  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
     {
       /* When we come here this means there has been a GC cycle while we
 	 were looking for the data.  This means the data might have been
 	 inconsistent.  Retry if possible.  */
-      if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
+      if ((gc_cycle & 1) != 0)
 	{
 	  /* nscd is just running gc now.  Disable using the mapping.  */
-	  if (atomic_decrement_val (&mapped->counter) == 0)
-	    __nscd_unmap (mapped);
+	  __nscd_unmap (mapped);
 	  mapped = NO_MAPPING;
 	}
 
-      if (retval != -1)
-	{
-	  *result = NULL;
-	  free (resultbuf);
-	  goto retry;
-	}
+      *result = NULL;
+      free (resultbuf);
+
+      goto retry;
     }
 
   return retval;
diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c
index fc036f2888..922b906c19 100644
--- a/nscd/nscd_getgr_r.c
+++ b/nscd/nscd_getgr_r.c
@@ -1,5 +1,4 @@
-/* Copyright (C) 1998-2000, 2002-2005, 2006, 2007
-   Free Software Foundation, Inc.
+/* Copyright (C) 1998-2000, 2002-2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998.
 
@@ -89,7 +88,6 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
 	      struct group **result)
 {
   int gc_cycle;
-  int nretries = 0;
   const uint32_t *len = NULL;
   size_t lensize = 0;
 
@@ -99,59 +97,55 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
 						       &__gr_map_handle,
 						       &gc_cycle);
  retry:;
+  const gr_response_header *gr_resp = NULL;
   const char *gr_name = NULL;
   size_t gr_name_len = 0;
   int retval = -1;
   const char *recend = (const char *) ~UINTMAX_C (0);
-  gr_response_header gr_resp;
 
   if (mapped != NO_MAPPING)
     {
-      struct datahead *found = __nscd_cache_search (type, key, keylen, mapped);
+      const struct datahead *found = __nscd_cache_search (type, key, keylen,
+							  mapped);
       if (found != NULL)
 	{
-	  len = (const uint32_t *) (&found->data[0].grdata + 1);
-	  gr_resp = found->data[0].grdata;
+	  gr_resp = &found->data[0].grdata;
+	  len = (const uint32_t *) (gr_resp + 1);
+	  /* The alignment is always sufficient.  */
+	  assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0);
 	  gr_name = ((const char *) len
-		     + gr_resp.gr_mem_cnt * sizeof (uint32_t));
-	  gr_name_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
+		     + gr_resp->gr_mem_cnt * sizeof (uint32_t));
+	  gr_name_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len;
 	  recend = (const char *) found->data + found->recsize;
-	  /* Now check if we can trust gr_resp fields.  If GC is
-	     in progress, it can contain anything.  */
-	  if (mapped->head->gc_cycle != gc_cycle)
-	    {
-	      retval = -2;
-	      goto out;
-	    }
-
-	  /* The alignment is always sufficient, unless GC is in progress.  */
-	  assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0);
 	}
     }
 
+  gr_response_header gr_resp_mem;
   int sock = -1;
-  if (gr_name == NULL)
+  if (gr_resp == NULL)
     {
-      sock = __nscd_open_socket (key, keylen, type, &gr_resp,
-				 sizeof (gr_resp));
+      sock = __nscd_open_socket (key, keylen, type, &gr_resp_mem,
+				 sizeof (gr_resp_mem));
       if (sock == -1)
 	{
 	  __nss_not_use_nscd_group = 1;
 	  goto out;
 	}
+
+      gr_resp = &gr_resp_mem;
     }
 
   /* No value found so far.  */
   *result = NULL;
 
-  if (__builtin_expect (gr_resp.found == -1, 0))
+  if (__builtin_expect (gr_resp->found == -1, 0))
     {
       /* The daemon does not cache this database.  */
       __nss_not_use_nscd_group = 1;
       goto out_close;
     }
 
-  if (gr_resp.found == 1)
+  if (gr_resp->found == 1)
     {
       struct iovec vec[2];
       char *p = buffer;
@@ -163,8 +157,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
 	 align the pointer.  */
       align = ((__alignof__ (char *) - (p - ((char *) 0)))
 	       & (__alignof__ (char *) - 1));
-      total_len = (align + (1 + gr_resp.gr_mem_cnt) * sizeof (char *)
-		   + gr_resp.gr_name_len + gr_resp.gr_passwd_len);
+      total_len = (align + (1 + gr_resp->gr_mem_cnt) * sizeof (char *)
+		   + gr_resp->gr_name_len + gr_resp->gr_passwd_len);
       if (__builtin_expect (buflen < total_len, 0))
 	{
 	no_room:
@@ -176,16 +170,16 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
 
       p += align;
       resultbuf->gr_mem = (char **) p;
-      p += (1 + gr_resp.gr_mem_cnt) * sizeof (char *);
+      p += (1 + gr_resp->gr_mem_cnt) * sizeof (char *);
 
       /* Set pointers for strings.  */
       resultbuf->gr_name = p;
-      p += gr_resp.gr_name_len;
+      p += gr_resp->gr_name_len;
       resultbuf->gr_passwd = p;
-      p += gr_resp.gr_passwd_len;
+      p += gr_resp->gr_passwd_len;
 
       /* Fill in what we know now.  */
-      resultbuf->gr_gid = gr_resp.gr_gid;
+      resultbuf->gr_gid = gr_resp->gr_gid;
 
       /* Read the length information, group name, and password.  */
       if (gr_name == NULL)
@@ -193,17 +187,17 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
 	  /* Allocate array to store lengths.  */
 	  if (lensize == 0)
 	    {
-	      lensize = gr_resp.gr_mem_cnt * sizeof (uint32_t);
+	      lensize = gr_resp->gr_mem_cnt * sizeof (uint32_t);
 	      len = (uint32_t *) alloca (lensize);
 	    }
-	  else if (gr_resp.gr_mem_cnt * sizeof (uint32_t) > lensize)
+	  else if (gr_resp->gr_mem_cnt * sizeof (uint32_t) > lensize)
 	    len = extend_alloca (len, lensize,
-				 gr_resp.gr_mem_cnt * sizeof (uint32_t));
+				 gr_resp->gr_mem_cnt * sizeof (uint32_t));
 
 	  vec[0].iov_base = (void *) len;
-	  vec[0].iov_len = gr_resp.gr_mem_cnt * sizeof (uint32_t);
+	  vec[0].iov_len = gr_resp->gr_mem_cnt * sizeof (uint32_t);
 	  vec[1].iov_base = resultbuf->gr_name;
-	  vec[1].iov_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
+	  vec[1].iov_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len;
 	  total_len = vec[0].iov_len + vec[1].iov_len;
 
 	  /* Get this data.  */
@@ -215,14 +209,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
 	/* We already have the data.  Just copy the group name and
 	   password.  */
 	memcpy (resultbuf->gr_name, gr_name,
-		gr_resp.gr_name_len + gr_resp.gr_passwd_len);
+		gr_resp->gr_name_len + gr_resp->gr_passwd_len);
 
       /* Clear the terminating entry.  */
-      resultbuf->gr_mem[gr_resp.gr_mem_cnt] = NULL;
+      resultbuf->gr_mem[gr_resp->gr_mem_cnt] = NULL;
 
       /* Prepare reading the group members.  */
       total_len = 0;
-      for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
+      for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt)
 	{
 	  resultbuf->gr_mem[cnt] = p;
 	  total_len += len[cnt];
@@ -230,25 +224,9 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
 	}
 
       if (__builtin_expect (gr_name + gr_name_len + total_len > recend, 0))
-	{
-	  /* len array might contain garbage during nscd GC cycle,
-	     retry rather than fail in that case.  */
-	  if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
-	    retval = -2;
-	  goto out_close;
-	}
+	goto out_close;
       if (__builtin_expect (total_len > buflen, 0))
-	{
-	  /* len array might contain garbage during nscd GC cycle,
-	     retry rather than fail in that case.  */
-	  if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
-	    {
-	      retval = -2;
-	      goto out_close;
-	    }
-	  else
-	    goto no_room;
-	}
+	goto no_room;
 
       retval = 0;
       if (gr_name == NULL)
@@ -270,14 +248,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
 
 	  /* Try to detect corrupt databases.  */
 	  if (resultbuf->gr_name[gr_name_len - 1] != '\0'
-	      || resultbuf->gr_passwd[gr_resp.gr_passwd_len - 1] != '\0'
-	      || ({for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
+	      || resultbuf->gr_passwd[gr_resp->gr_passwd_len - 1] != '\0'
+	      || ({for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt)
 		     if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0')
 		       break;
-	  	   cnt < gr_resp.gr_mem_cnt; }))
+	  	   cnt < gr_resp->gr_mem_cnt; }))
 	    {
 	      /* We cannot use the database.  */
-	      retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1;
+	      retval = -1;
 	      goto out_close;
 	    }
 
@@ -296,21 +274,19 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
   if (sock != -1)
     close_not_cancel_no_status (sock);
  out:
-  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
+  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
     {
       /* When we come here this means there has been a GC cycle while we
 	 were looking for the data.  This means the data might have been
 	 inconsistent.  Retry if possible.  */
-      if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
+      if ((gc_cycle & 1) != 0)
 	{
 	  /* nscd is just running gc now.  Disable using the mapping.  */
-	  if (atomic_decrement_val (&mapped->counter) == 0)
-	    __nscd_unmap (mapped);
+	  __nscd_unmap (mapped);
 	  mapped = NO_MAPPING;
 	}
 
-      if (retval != -1)
-	goto retry;
+      goto retry;
     }
 
   return retval;
diff --git a/nscd/nscd_gethst_r.c b/nscd/nscd_gethst_r.c
index 90e1815bdd..516977bcc4 100644
--- a/nscd/nscd_gethst_r.c
+++ b/nscd/nscd_gethst_r.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc.
+/* Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
 
@@ -118,6 +118,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
 			       &gc_cycle);
 
  retry:;
+  const hst_response_header *hst_resp = NULL;
   const char *h_name = NULL;
   const uint32_t *aliases_len = NULL;
   const char *addr_list = NULL;
@@ -125,27 +126,18 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
   int retval = -1;
   const char *recend = (const char *) ~UINTMAX_C (0);
   int sock = -1;
-  hst_response_header hst_resp;
   if (mapped != NO_MAPPING)
     {
-      /* No const qualifier, as it can change during garbage collection.  */
-      struct datahead *found = __nscd_cache_search (type, key, keylen, mapped);
+      const struct datahead *found = __nscd_cache_search (type, key, keylen,
+							  mapped);
       if (found != NULL)
 	{
-	  h_name = (char *) (&found->data[0].hstdata + 1);
-	  hst_resp = found->data[0].hstdata;
-	  aliases_len = (uint32_t *) (h_name + hst_resp.h_name_len);
+	  hst_resp = &found->data[0].hstdata;
+	  h_name = (char *) (hst_resp + 1);
+	  aliases_len = (uint32_t *) (h_name + hst_resp->h_name_len);
 	  addr_list = ((char *) aliases_len
-		       + hst_resp.h_aliases_cnt * sizeof (uint32_t));
-	  addr_list_len = hst_resp.h_addr_list_cnt * INADDRSZ;
-	  recend = (const char *) found->data + found->recsize;
-	  /* Now check if we can trust hst_resp fields.  If GC is
-	     in progress, it can contain anything.  */
-	  if (mapped->head->gc_cycle != gc_cycle)
-	    {
-	      retval = -2;
-	      goto out;
-	    }
+		       + hst_resp->h_aliases_cnt * sizeof (uint32_t));
+	  addr_list_len = hst_resp->h_addr_list_cnt * INADDRSZ;
 
 #ifndef _STRING_ARCH_unaligned
 	  /* The aliases_len array in the mapped database might very
@@ -155,47 +147,51 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
 	  if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1))
 	      != 0)
 	    {
-	      uint32_t *tmp = alloca (hst_resp.h_aliases_cnt
+	      uint32_t *tmp = alloca (hst_resp->h_aliases_cnt
 				      * sizeof (uint32_t));
 	      aliases_len = memcpy (tmp, aliases_len,
-				    hst_resp.h_aliases_cnt
+				    hst_resp->h_aliases_cnt
 				    * sizeof (uint32_t));
 	    }
 #endif
 	  if (type != GETHOSTBYADDR && type != GETHOSTBYNAME)
 	    {
-	      if (hst_resp.h_length == INADDRSZ)
+	      if (hst_resp->h_length == INADDRSZ)
 		addr_list += addr_list_len;
-	      addr_list_len = hst_resp.h_addr_list_cnt * IN6ADDRSZ;
+	      addr_list_len = hst_resp->h_addr_list_cnt * IN6ADDRSZ;
 	    }
+	  recend = (const char *) found->data + found->recsize;
 	  if (__builtin_expect ((const char *) addr_list + addr_list_len
 				> recend, 0))
-	    goto out;
+	    goto out_close;
 	}
     }
 
-  if (h_name == NULL)
+  hst_response_header hst_resp_mem;
+  if (hst_resp == NULL)
     {
-      sock = __nscd_open_socket (key, keylen, type, &hst_resp,
-				 sizeof (hst_resp));
+      sock = __nscd_open_socket (key, keylen, type, &hst_resp_mem,
+				 sizeof (hst_resp_mem));
       if (sock == -1)
 	{
 	  __nss_not_use_nscd_hosts = 1;
-	  goto out;
+	  goto out;;
 	}
+
+      hst_resp = &hst_resp_mem;
     }
 
   /* No value found so far.  */
   *result = NULL;
 
-  if (__builtin_expect (hst_resp.found == -1, 0))
+  if (__builtin_expect (hst_resp->found == -1, 0))
     {
       /* The daemon does not cache this database.  */
       __nss_not_use_nscd_hosts = 1;
       goto out_close;
     }
 
-  if (hst_resp.found == 1)
+  if (hst_resp->found == 1)
     {
       struct iovec vec[4];
       char *cp = buffer;
@@ -211,15 +207,15 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
 	 align the pointer and the base of the h_addr_list pointers.  */
       align1 = ((__alignof__ (char *) - (cp - ((char *) 0)))
 		& (__alignof__ (char *) - 1));
-      align2 = ((__alignof__ (char *) - ((cp + align1 + hst_resp.h_name_len)
+      align2 = ((__alignof__ (char *) - ((cp + align1 + hst_resp->h_name_len)
 					 - ((char *) 0)))
 		& (__alignof__ (char *) - 1));
-      if (buflen < (align1 + hst_resp.h_name_len + align2
-		    + ((hst_resp.h_aliases_cnt + hst_resp.h_addr_list_cnt
+      if (buflen < (align1 + hst_resp->h_name_len + align2
+		    + ((hst_resp->h_aliases_cnt + hst_resp->h_addr_list_cnt
 			+ 2)
 		       * sizeof (char *))
-		    + hst_resp.h_addr_list_cnt * (type == AF_INET
-						  ? INADDRSZ : IN6ADDRSZ)))
+		    + hst_resp->h_addr_list_cnt * (type == AF_INET
+						   ? INADDRSZ : IN6ADDRSZ)))
 	{
 	no_room:
 	  *h_errnop = NETDB_INTERNAL;
@@ -231,12 +227,12 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
 
       /* Prepare the result as far as we can.  */
       resultbuf->h_aliases = (char **) cp;
-      cp += (hst_resp.h_aliases_cnt + 1) * sizeof (char *);
+      cp += (hst_resp->h_aliases_cnt + 1) * sizeof (char *);
       resultbuf->h_addr_list = (char **) cp;
-      cp += (hst_resp.h_addr_list_cnt + 1) * sizeof (char *);
+      cp += (hst_resp->h_addr_list_cnt + 1) * sizeof (char *);
 
       resultbuf->h_name = cp;
-      cp += hst_resp.h_name_len + align2;
+      cp += hst_resp->h_name_len + align2;
 
       if (type == GETHOSTBYADDR || type == GETHOSTBYNAME)
 	{
@@ -248,7 +244,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
 	  resultbuf->h_addrtype = AF_INET6;
 	  resultbuf->h_length = IN6ADDRSZ;
 	}
-      for (cnt = 0; cnt < hst_resp.h_addr_list_cnt; ++cnt)
+      for (cnt = 0; cnt < hst_resp->h_addr_list_cnt; ++cnt)
 	{
 	  resultbuf->h_addr_list[cnt] = cp;
 	  cp += resultbuf->h_length;
@@ -258,47 +254,47 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
       if (h_name == NULL)
 	{
 	  vec[0].iov_base = resultbuf->h_name;
-	  vec[0].iov_len = hst_resp.h_name_len;
-	  total_len = hst_resp.h_name_len;
+	  vec[0].iov_len = hst_resp->h_name_len;
+	  total_len = hst_resp->h_name_len;
 	  n = 1;
 
-	  if (hst_resp.h_aliases_cnt > 0)
+	  if (hst_resp->h_aliases_cnt > 0)
 	    {
-	      aliases_len = alloca (hst_resp.h_aliases_cnt
+	      aliases_len = alloca (hst_resp->h_aliases_cnt
 				    * sizeof (uint32_t));
 	      vec[n].iov_base = (void *) aliases_len;
-	      vec[n].iov_len = hst_resp.h_aliases_cnt * sizeof (uint32_t);
+	      vec[n].iov_len = hst_resp->h_aliases_cnt * sizeof (uint32_t);
 
-	      total_len += hst_resp.h_aliases_cnt * sizeof (uint32_t);
+	      total_len += hst_resp->h_aliases_cnt * sizeof (uint32_t);
 	      ++n;
 	    }
 
 	  if (type == GETHOSTBYADDR || type == GETHOSTBYNAME)
 	    {
 	      vec[n].iov_base = resultbuf->h_addr_list[0];
-	      vec[n].iov_len = hst_resp.h_addr_list_cnt * INADDRSZ;
+	      vec[n].iov_len = hst_resp->h_addr_list_cnt * INADDRSZ;
 
-	      total_len += hst_resp.h_addr_list_cnt * INADDRSZ;
+	      total_len += hst_resp->h_addr_list_cnt * INADDRSZ;
 
 	      ++n;
 	    }
 	  else
 	    {
-	      if (hst_resp.h_length == INADDRSZ)
+	      if (hst_resp->h_length == INADDRSZ)
 		{
-		  ignore = alloca (hst_resp.h_addr_list_cnt * INADDRSZ);
+		  ignore = alloca (hst_resp->h_addr_list_cnt * INADDRSZ);
 		  vec[n].iov_base = ignore;
-		  vec[n].iov_len = hst_resp.h_addr_list_cnt * INADDRSZ;
+		  vec[n].iov_len = hst_resp->h_addr_list_cnt * INADDRSZ;
 
-		  total_len += hst_resp.h_addr_list_cnt * INADDRSZ;
+		  total_len += hst_resp->h_addr_list_cnt * INADDRSZ;
 
 		  ++n;
 		}
 
 	      vec[n].iov_base = resultbuf->h_addr_list[0];
-	      vec[n].iov_len = hst_resp.h_addr_list_cnt * IN6ADDRSZ;
+	      vec[n].iov_len = hst_resp->h_addr_list_cnt * IN6ADDRSZ;
 
-	      total_len += hst_resp.h_addr_list_cnt * IN6ADDRSZ;
+	      total_len += hst_resp->h_addr_list_cnt * IN6ADDRSZ;
 
 	      ++n;
 	    }
@@ -308,13 +304,13 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
 	}
       else
 	{
-	  memcpy (resultbuf->h_name, h_name, hst_resp.h_name_len);
+	  memcpy (resultbuf->h_name, h_name, hst_resp->h_name_len);
 	  memcpy (resultbuf->h_addr_list[0], addr_list, addr_list_len);
 	}
 
       /*  Now we also can read the aliases.  */
       total_len = 0;
-      for (cnt = 0; cnt < hst_resp.h_aliases_cnt; ++cnt)
+      for (cnt = 0; cnt < hst_resp->h_aliases_cnt; ++cnt)
 	{
 	  resultbuf->h_aliases[cnt] = cp;
 	  cp += aliases_len[cnt];
@@ -324,25 +320,10 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
 
       if (__builtin_expect ((const char *) addr_list + addr_list_len
 			    + total_len > recend, 0))
-	{
-	  /* aliases_len array might contain garbage during nscd GC cycle,
-	     retry rather than fail in that case.  */
-	  if (addr_list != NULL && mapped->head->gc_cycle != gc_cycle)
-	    retval = -2;
-	  goto out_close;
-	}
+	goto out_close;
       /* See whether this would exceed the buffer capacity.  */
       if (__builtin_expect (cp > buffer + buflen, 0))
-	{
-	  /* aliases_len array might contain garbage during nscd GC cycle,
-	     retry rather than fail in that case.  */
-	  if (addr_list != NULL && mapped->head->gc_cycle != gc_cycle)
-	    {
-	      retval = -2;
-	      goto out_close;
-	    }
-	  goto no_room;
-	}
+	goto no_room;
 
       /* And finally read the aliases.  */
       if (addr_list == NULL)
@@ -361,18 +342,14 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
 		  (const char *) addr_list + addr_list_len, total_len);
 
 	  /* Try to detect corrupt databases.  */
-	  if (resultbuf->h_name[hst_resp.h_name_len - 1] != '\0'
-	      || ({for (cnt = 0; cnt < hst_resp.h_aliases_cnt; ++cnt)
+	  if (resultbuf->h_name[hst_resp->h_name_len - 1] != '\0'
+	      || ({for (cnt = 0; cnt < hst_resp->h_aliases_cnt; ++cnt)
 		     if (resultbuf->h_aliases[cnt][aliases_len[cnt] - 1]
 			 != '\0')
 		       break;
-		   cnt < hst_resp.h_aliases_cnt; }))
-	    {
-	      /* We cannot use the database.  */
-	      if (mapped->head->gc_cycle != gc_cycle)
-		retval = -2;
-	      goto out_close;
-	    }
+		   cnt < hst_resp->h_aliases_cnt; }))
+	    /* We cannot use the database.  */
+	    goto out_close;
 
 	  retval = 0;
 	  *result = resultbuf;
@@ -381,7 +358,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
   else
     {
       /* Store the error number.  */
-      *h_errnop = hst_resp.error;
+      *h_errnop = hst_resp->error;
 
       /* The `errno' to some value != ERANGE.  */
       __set_errno (ENOENT);
@@ -393,21 +370,19 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type,
   if (sock != -1)
     close_not_cancel_no_status (sock);
  out:
-  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
+  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
     {
       /* When we come here this means there has been a GC cycle while we
 	 were looking for the data.  This means the data might have been
 	 inconsistent.  Retry if possible.  */
-      if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
+      if ((gc_cycle & 1) != 0 || ++nretries == 5)
 	{
 	  /* nscd is just running gc now.  Disable using the mapping.  */
-	  if (atomic_decrement_val (&mapped->counter) == 0)
-	    __nscd_unmap (mapped);
+	  __nscd_unmap (mapped);
 	  mapped = NO_MAPPING;
 	}
 
-      if (retval != -1)
-	goto retry;
+      goto retry;
     }
 
   return retval;
diff --git a/nscd/nscd_getpw_r.c b/nscd/nscd_getpw_r.c
index b84baa1a66..e8e4d7364f 100644
--- a/nscd/nscd_getpw_r.c
+++ b/nscd/nscd_getpw_r.c
@@ -1,5 +1,4 @@
-/* Copyright (C) 1998, 1999, 2003, 2004, 2005, 2007
-   Free Software Foundation, Inc.
+/* Copyright (C) 1998, 1999, 2003, 2004, 2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998.
 
@@ -89,81 +88,76 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type,
 	      struct passwd **result)
 {
   int gc_cycle;
-  int nretries = 0;
-
   /* If the mapping is available, try to search there instead of
      communicating with the nscd.  */
   struct mapped_database *mapped;
   mapped = __nscd_get_map_ref (GETFDPW, "passwd", &map_handle, &gc_cycle);
 
  retry:;
+  const pw_response_header *pw_resp = NULL;
   const char *pw_name = NULL;
   int retval = -1;
   const char *recend = (const char *) ~UINTMAX_C (0);
-  pw_response_header pw_resp;
 
   if (mapped != NO_MAPPING)
     {
-      struct datahead *found = __nscd_cache_search (type, key, keylen, mapped);
+      const struct datahead *found = __nscd_cache_search (type, key, keylen,
+							  mapped);
       if (found != NULL)
 	{
-	  pw_name = (const char *) (&found->data[0].pwdata + 1);
-	  pw_resp = found->data[0].pwdata;
+	  pw_resp = &found->data[0].pwdata;
+	  pw_name = (const char *) (pw_resp + 1);
 	  recend = (const char *) found->data + found->recsize;
-	  /* Now check if we can trust pw_resp fields.  If GC is
-	     in progress, it can contain anything.  */
-	  if (mapped->head->gc_cycle != gc_cycle)
-	    {
-	      retval = -2;
-	      goto out;
-	    }
 	}
     }
 
+  pw_response_header pw_resp_mem;
   int sock = -1;
-  if (pw_name == NULL)
+  if (pw_resp == NULL)
     {
-      sock = __nscd_open_socket (key, keylen, type, &pw_resp,
-				 sizeof (pw_resp));
+      sock = __nscd_open_socket (key, keylen, type, &pw_resp_mem,
+				 sizeof (pw_resp_mem));
       if (sock == -1)
 	{
 	  __nss_not_use_nscd_passwd = 1;
 	  goto out;
 	}
+
+      pw_resp = &pw_resp_mem;
     }
 
   /* No value found so far.  */
   *result = NULL;
 
-  if (__builtin_expect (pw_resp.found == -1, 0))
+  if (__builtin_expect (pw_resp->found == -1, 0))
     {
       /* The daemon does not cache this database.  */
       __nss_not_use_nscd_passwd = 1;
       goto out_close;
     }
 
-  if (pw_resp.found == 1)
+  if (pw_resp->found == 1)
     {
       /* Set the information we already have.  */
-      resultbuf->pw_uid = pw_resp.pw_uid;
-      resultbuf->pw_gid = pw_resp.pw_gid;
+      resultbuf->pw_uid = pw_resp->pw_uid;
+      resultbuf->pw_gid = pw_resp->pw_gid;
 
       char *p = buffer;
       /* get pw_name */
       resultbuf->pw_name = p;
-      p += pw_resp.pw_name_len;
+      p += pw_resp->pw_name_len;
       /* get pw_passwd */
       resultbuf->pw_passwd = p;
-      p += pw_resp.pw_passwd_len;
+      p += pw_resp->pw_passwd_len;
       /* get pw_gecos */
       resultbuf->pw_gecos = p;
-      p += pw_resp.pw_gecos_len;
+      p += pw_resp->pw_gecos_len;
       /* get pw_dir */
       resultbuf->pw_dir = p;
-      p += pw_resp.pw_dir_len;
+      p += pw_resp->pw_dir_len;
       /* get pw_pshell */
       resultbuf->pw_shell = p;
-      p += pw_resp.pw_shell_len;
+      p += pw_resp->pw_shell_len;
 
       ssize_t total = p - buffer;
       if (__builtin_expect (pw_name + total > recend, 0))
@@ -195,14 +189,14 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type,
 	  memcpy (resultbuf->pw_name, pw_name, total);
 
 	  /* Try to detect corrupt databases.  */
-	  if (resultbuf->pw_name[pw_resp.pw_name_len - 1] != '\0'
-	      || resultbuf->pw_passwd[pw_resp.pw_passwd_len - 1] != '\0'
-	      || resultbuf->pw_gecos[pw_resp.pw_gecos_len - 1] != '\0'
-	      || resultbuf->pw_dir[pw_resp.pw_dir_len - 1] != '\0'
-	      || resultbuf->pw_shell[pw_resp.pw_shell_len - 1] != '\0')
+	  if (resultbuf->pw_name[pw_resp->pw_name_len - 1] != '\0'
+	      || resultbuf->pw_passwd[pw_resp->pw_passwd_len - 1] != '\0'
+	      || resultbuf->pw_gecos[pw_resp->pw_gecos_len - 1] != '\0'
+	      || resultbuf->pw_dir[pw_resp->pw_dir_len - 1] != '\0'
+	      || resultbuf->pw_shell[pw_resp->pw_shell_len - 1] != '\0')
 	    {
 	      /* We cannot use the database.  */
-	      retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1;
+	      retval = -1;
 	      goto out_close;
 	    }
 
@@ -221,21 +215,19 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type,
   if (sock != -1)
     close_not_cancel_no_status (sock);
  out:
-  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
+  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
     {
       /* When we come here this means there has been a GC cycle while we
 	 were looking for the data.  This means the data might have been
 	 inconsistent.  Retry if possible.  */
-      if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
+      if ((gc_cycle & 1) != 0)
 	{
 	  /* nscd is just running gc now.  Disable using the mapping.  */
-	  if (atomic_decrement_val (&mapped->counter) == 0)
-	    __nscd_unmap (mapped);
+	  __nscd_unmap (mapped);
 	  mapped = NO_MAPPING;
 	}
 
-      if (retval != -1)
-	goto retry;
+      goto retry;
     }
 
   return retval;
diff --git a/nscd/nscd_helper.c b/nscd/nscd_helper.c
index 71ea53e19d..7c45981586 100644
--- a/nscd/nscd_helper.c
+++ b/nscd/nscd_helper.c
@@ -1,5 +1,4 @@
-/* Copyright (C) 1998-2002,2003,2004,2005,2006,2007
-   Free Software Foundation, Inc.
+/* Copyright (C) 1998-2002,2003,2004,2005,2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
 
@@ -22,7 +21,6 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <stdbool.h>
-#include <string.h>
 #include <time.h>
 #include <unistd.h>
 #include <sys/mman.h>
@@ -188,7 +186,6 @@ get_mapping (request_type type, const char *key,
     request_header req;
     char key[keylen];
   } reqdata;
-  size_t real_sizeof_reqdata = sizeof (request_header) + keylen;
 
   int sock = open_socket ();
   if (sock < 0)
@@ -203,9 +200,9 @@ get_mapping (request_type type, const char *key,
 #  define MSG_NOSIGNAL 0
 # endif
   if (__builtin_expect (TEMP_FAILURE_RETRY (__send (sock, &reqdata,
-						    real_sizeof_reqdata,
+						    sizeof (reqdata),
 						    MSG_NOSIGNAL))
-			!= real_sizeof_reqdata, 0))
+			!= sizeof (reqdata), 0))
     /* We cannot even write the request.  */
     goto out_close2;
 
@@ -243,13 +240,12 @@ get_mapping (request_type type, const char *key,
 			!= keylen, 0))
     goto out_close2;
 
-  if (__builtin_expect (CMSG_FIRSTHDR (&msg) == NULL
-			|| (CMSG_FIRSTHDR (&msg)->cmsg_len
-			    != CMSG_LEN (sizeof (int))), 0))
-    goto out_close2;
-
   mapfd = *(int *) CMSG_DATA (cmsg);
 
+  if (__builtin_expect (CMSG_FIRSTHDR (&msg)->cmsg_len
+			!= CMSG_LEN (sizeof (int)), 0))
+    goto out_close;
+
   struct stat64 st;
   if (__builtin_expect (strcmp (resdata, key) != 0, 0)
       || __builtin_expect (fstat64 (mapfd, &st) != 0, 0)
@@ -366,10 +362,7 @@ __nscd_get_map_ref (request_type type, const char *name,
 }
 
 
-/* Don't return const struct datahead *, as eventhough the record
-   is normally constant, it can change arbitrarily during nscd
-   garbage collection.  */
-struct datahead *
+const struct datahead *
 __nscd_cache_search (request_type type, const char *key, size_t keylen,
 		     const struct mapped_database *mapped)
 {
@@ -381,32 +374,16 @@ __nscd_cache_search (request_type type, const char *key, size_t keylen,
     {
       struct hashentry *here = (struct hashentry *) (mapped->data + work);
 
-#ifndef _STRING_ARCH_unaligned
-      /* Although during garbage collection when moving struct hashentry
-	 records around we first copy from old to new location and then
-	 adjust pointer from previous hashentry to it, there is no barrier
-	 between those memory writes.  It is very unlikely to hit it,
-	 so check alignment only if a misaligned load can crash the
-	 application.  */
-      if ((uintptr_t) here & (__alignof__ (*here) - 1))
-	return NULL;
-#endif
-
       if (type == here->type
 	  && keylen == here->len
-	  && here->key + keylen <= datasize
+	  && here->key + here->len <= datasize
 	  && memcmp (key, mapped->data + here->key, keylen) == 0
 	  && here->packet + sizeof (struct datahead) <= datasize)
 	{
 	  /* We found the entry.  Increment the appropriate counter.  */
-	  struct datahead *dh
+	  const struct datahead *dh
 	    = (struct datahead *) (mapped->data + here->packet);
 
-#ifndef _STRING_ARCH_unaligned
-	  if ((uintptr_t) dh & (__alignof__ (*dh) - 1))
-	    return NULL;
-#endif
-
 	  /* See whether we must ignore the entry or whether something
 	     is wrong because garbage collection is in progress.  */
 	  if (dh->usable && here->packet + dh->allocsize <= datasize)
diff --git a/nscd/nscd_initgroups.c b/nscd/nscd_initgroups.c
index 866455a96c..97a037d4a9 100644
--- a/nscd/nscd_initgroups.c
+++ b/nscd/nscd_initgroups.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@redhat.com>, 2004.
 
@@ -39,7 +39,6 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size,
 {
   size_t userlen = strlen (user) + 1;
   int gc_cycle;
-  int nretries = 0;
 
   /* If the mapping is available, try to search there instead of
      communicating with the nscd.  */
@@ -47,49 +46,44 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size,
   mapped = __nscd_get_map_ref (GETFDGR, "group", &__gr_map_handle, &gc_cycle);
 
  retry:;
+  const initgr_response_header *initgr_resp = NULL;
   char *respdata = NULL;
   int retval = -1;
   int sock = -1;
-  initgr_response_header initgr_resp;
 
   if (mapped != NO_MAPPING)
     {
-      struct datahead *found = __nscd_cache_search (INITGROUPS, user,
-						    userlen, mapped);
+      const struct datahead *found = __nscd_cache_search (INITGROUPS, user,
+							  userlen, mapped);
       if (found != NULL)
 	{
-	  respdata = (char *) (&found->data[0].initgrdata + 1);
-	  initgr_resp = found->data[0].initgrdata;
+	  initgr_resp = &found->data[0].initgrdata;
+	  respdata = (char *) (initgr_resp + 1);
 	  char *recend = (char *) found->data + found->recsize;
 
-	  /* Now check if we can trust initgr_resp fields.  If GC is
-	     in progress, it can contain anything.  */
-	  if (mapped->head->gc_cycle != gc_cycle)
-	    {
-	      retval = -2;
-	      goto out;
-	    }
-
-	  if (respdata + initgr_resp.ngrps * sizeof (int32_t) > recend)
+	  if (respdata + initgr_resp->ngrps * sizeof (int32_t) > recend)
 	    goto out;
 	}
     }
 
   /* If we do not have the cache mapped, try to get the data over the
      socket.  */
-  if (respdata == NULL)
+  initgr_response_header initgr_resp_mem;
+  if (initgr_resp == NULL)
     {
-      sock = __nscd_open_socket (user, userlen, INITGROUPS, &initgr_resp,
-				 sizeof (initgr_resp));
+      sock = __nscd_open_socket (user, userlen, INITGROUPS, &initgr_resp_mem,
+				 sizeof (initgr_resp_mem));
       if (sock == -1)
 	{
 	  /* nscd not running or wrong version.  */
 	  __nss_not_use_nscd_group = 1;
 	  goto out;
 	}
+
+      initgr_resp = &initgr_resp_mem;
     }
 
-  if (initgr_resp.found == 1)
+  if (initgr_resp->found == 1)
     {
       /* The following code assumes that gid_t and int32_t are the
 	 same size.  This is the case for al existing implementation.
@@ -97,40 +91,40 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size,
 	 doesn't use memcpy but instead copies each array element one
 	 by one.  */
       assert (sizeof (int32_t) == sizeof (gid_t));
-      assert (initgr_resp.ngrps >= 0);
+      assert (initgr_resp->ngrps >= 0);
 
       /* Make sure we have enough room.  We always count GROUP in even
 	 though we might not end up adding it.  */
-      if (*size < initgr_resp.ngrps + 1)
+      if (*size < initgr_resp->ngrps + 1)
 	{
 	  gid_t *newp = realloc (*groupsp,
-				 (initgr_resp.ngrps + 1) * sizeof (gid_t));
+				 (initgr_resp->ngrps + 1) * sizeof (gid_t));
 	  if (newp == NULL)
 	    /* We cannot increase the buffer size.  */
 	    goto out_close;
 
 	  *groupsp = newp;
-	  *size = initgr_resp.ngrps + 1;
+	  *size = initgr_resp->ngrps + 1;
 	}
 
       if (respdata == NULL)
 	{
 	  /* Read the data from the socket.  */
-	  if ((size_t) __readall (sock, *groupsp, initgr_resp.ngrps
+	  if ((size_t) __readall (sock, *groupsp, initgr_resp->ngrps
 						  * sizeof (gid_t))
-	      == initgr_resp.ngrps * sizeof (gid_t))
-	    retval = initgr_resp.ngrps;
+	      == initgr_resp->ngrps * sizeof (gid_t))
+	    retval = initgr_resp->ngrps;
 	}
       else
 	{
 	  /* Just copy the data.  */
-	  retval = initgr_resp.ngrps;
+	  retval = initgr_resp->ngrps;
 	  memcpy (*groupsp, respdata, retval * sizeof (gid_t));
 	}
     }
   else
     {
-      if (__builtin_expect (initgr_resp.found == -1, 0))
+      if (__builtin_expect (initgr_resp->found == -1, 0))
 	{
 	  /* The daemon does not cache this database.  */
 	  __nss_not_use_nscd_group = 1;
@@ -159,21 +153,19 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size,
   if (sock != -1)
     close_not_cancel_no_status (sock);
  out:
-  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
+  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
     {
       /* When we come here this means there has been a GC cycle while we
 	 were looking for the data.  This means the data might have been
 	 inconsistent.  Retry if possible.  */
-      if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
+      if ((gc_cycle & 1) != 0)
 	{
 	  /* nscd is just running gc now.  Disable using the mapping.  */
-	  if (atomic_decrement_val (&mapped->counter) == 0)
-	    __nscd_unmap (mapped);
+	  __nscd_unmap (mapped);
 	  mapped = NO_MAPPING;
 	}
 
-      if (retval != -1)
-	goto retry;
+      goto retry;
     }
 
   return retval;
diff --git a/nscd/pwdcache.c b/nscd/pwdcache.c
index ae579df510..01c223add5 100644
--- a/nscd/pwdcache.c
+++ b/nscd/pwdcache.c
@@ -1,5 +1,5 @@
 /* Cache handling for passwd lookup.
-   Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc.
+   Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
 
@@ -274,7 +274,6 @@ cache_addpw (struct database_dyn *db, int fd, request_header *req,
 		{
 		  /* Adjust pointer into the memory block.  */
 		  cp = (char *) newp + (cp - (char *) dataset);
-		  key_copy = (char *) newp + (key_copy - (char *) dataset);
 
 		  dataset = memcpy (newp, dataset, total + n);
 		  alloca_used = false;
diff --git a/nscd/selinux.c b/nscd/selinux.c
index b826031150..f0620d1012 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -1,5 +1,5 @@
 /* SELinux access controls for nscd.
-   Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
+   Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004.
 
@@ -182,22 +182,18 @@ preserve_capabilities (void)
   if (tmp_caps == NULL || new_caps == NULL)
     {
       if (tmp_caps != NULL)
-	cap_free (tmp_caps);
+	free_caps (tmp_caps);
 
       dbg_log (_("Failed to initialize drop of capabilities"));
       error (EXIT_FAILURE, 0, _("cap_init failed"));
     }
 
   /* There is no reason why these should not work.  */
-  cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list,
-		(cap_value_t *) new_cap_list, CAP_SET);
-  cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list,
-		(cap_value_t *) new_cap_list, CAP_SET);
+  cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list, new_cap_list, CAP_SET);
+  cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list, new_cap_list, CAP_SET);
 
-  cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list,
-		(cap_value_t *) tmp_cap_list, CAP_SET);
-  cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list,
-		(cap_value_t *) tmp_cap_list, CAP_SET);
+  cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list, tmp_cap_list, CAP_SET);
+  cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list, tmp_cap_list, CAP_SET);
 
   int res = cap_set_proc (tmp_caps);
 
@@ -206,7 +202,7 @@ preserve_capabilities (void)
   if (__builtin_expect (res != 0, 0))
     {
       cap_free (new_caps);
-      dbg_log (_("Failed to drop capabilities\n"));
+      dbg_log (_("Failed to drop capabilities"));
       error (EXIT_FAILURE, 0, _("cap_set_proc failed"));
     }
 
diff --git a/nscd/selinux.h b/nscd/selinux.h
index 27afcd6e86..9ce0628486 100644
--- a/nscd/selinux.h
+++ b/nscd/selinux.h
@@ -1,5 +1,5 @@
 /* Header for nscd SELinux access controls.
-   Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc.
+   Copyright (C) 2004, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004.
 
@@ -23,7 +23,7 @@
 
 #include "nscd.h"
 #ifdef HAVE_LIBCAP
-# include <sys/capability.h>
+# include <sys/capabilities.h>
 #endif
 
 #ifdef HAVE_SELINUX