about summary refs log tree commit diff
path: root/nscd/netgroupcache.c
Commit message (Collapse)AuthorAgeFilesLines
* Update copyright dates with scripts/update-copyrights.Joseph Myers2017-01-011-1/+1
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2016-01-041-1/+1
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2015-01-021-1/+1
|
* Rework some nscd code not to use variable-length struct types.Roland McGrath2014-10-221-8/+6
|
* Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878)Siddhesh Poyarekar2014-05-261-6/+8
| | | | | | | | | | | | The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL (with errno as ERANGE) when the supplied buffer does not have sufficient space for the result. This is wrong, because the canonical way to indicate insufficient buffer is to set the errno to ERANGE and the status to NSS_STATUS_TRYAGAIN, as is used by all other modules. This fixes nscd behaviour when the nss_ldap module returns NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to fit into the supplied buffer.
* Consolidate code to initialize nscd dataset headerSiddhesh Poyarekar2014-04-301-21/+12
| | | | | | | | | | This patch consolidates the code to initialize the header of a dataset into a single set of functions (one for positive and another for negative datasets) primarily to reduce repetition of code. The secondary reason is to simplify Patch 2/2 which fixes the problem of an uninitialized byte in the header by initializing an unused field in the structure and hence preventing a possible data leak into the cache file.
* Avoid overlapping addresses to stpcpy calls in nscd (BZ #16760)Siddhesh Poyarekar2014-03-271-6/+10
| | | | | | | | | | | | | | | | | | Calls to stpcpy from nscd netgroups code will have overlapping source and destination when all three values in the returned triplet are non-NULL and in the expected (host,user,domain) order. This is seen in valgrind as: ==3181== Source and destination overlap in stpcpy(0x19973b48, 0x19973b48) ==3181== at 0x4C2F30A: stpcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==3181== by 0x12567A: addgetnetgrentX (string3.h:111) ==3181== by 0x12722D: addgetnetgrent (netgroupcache.c:665) ==3181== by 0x11114C: nscd_run_worker (connections.c:1338) ==3181== by 0x4E3C102: start_thread (pthread_create.c:309) ==3181== by 0x59B81AC: clone (clone.S:111) ==3181== Fix this by using memmove instead of stpcpy.
* Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758)Siddhesh Poyarekar2014-03-271-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | nscd works correctly when the request in innetgr is a wildcard, i.e. when one or more of host, user or domain parameters is NULL. However, it does not work when the the triplet in the netgroup definition has a wildcard. This is easy to reproduce for a triplet defined as follows: foonet (,foo,) Here, an innetgr call that looks like this: innetgr ("foonet", "foohost", "foo", NULL); should succeed and so should: innetgr ("foonet", NULL, "foo", "foodomain"); It does succeed with nscd disabled, but not with nscd enabled. This fix adds this additional check for all three parts of the triplet so that it gives the correct result. [BZ #16758] * nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has blank values.
* Provide correct buffer length to netgroup queries in nscd (BZ #16695)Siddhesh Poyarekar2014-03-121-1/+1
| | | | | | | | | The buffer to query netgroup entries is allocated sufficient space for the netgroup entries and the key to be appended at the end, but it sends in an incorrect available length to the NSS netgroup query functions, resulting in overflow of the buffer in some special cases. The fix here is to factor in the key length when sending the available buffer and buffer length to the query functions.
* Use glibc_likely instead __builtin_expect.Ondřej Bílka2014-02-101-4/+4
|
* Avoid undefined behaviour in netgroupcacheSiddhesh Poyarekar2014-01-271-5/+11
| | | | | | Using a buffer after it has been reallocated is undefined behaviour, so get offsets of the triplets in the old buffer before reallocating it.
* Adjust pointers to triplets in netgroup query data (BZ #16474)Siddhesh Poyarekar2014-01-241-1/+11
| | | | | | | | | The _nss_*_getnetgrent_r query populates the netgroup results in the allocated buffer and then sets the result triplet to point to strings in the buffer. This is a problem when the buffer is reallocated since the pointers to the triplet strings are no longer valid. The pointers need to be adjusted so that they now point to strings in the reallocated buffer.
* Don't use alloca in addgetnetgrentX (BZ #16453)Siddhesh Poyarekar2014-01-161-31/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | addgetnetgrentX has a buffer which is grown as per the needs of the requested size either by using alloca or by falling back to malloc if the size is larger than 1K. There are two problems with the alloca bits: firstly, it doesn't really extend the buffer since it does not use the return value of the extend_alloca macro, which is the location of the reallocated buffer. Due to this the buffer does not actually extend itself and hence a subsequent write may overwrite stuff on the stack. The second problem is more subtle - the buffer growth on the stack is discontinuous due to block scope local variables. Combine that with the fact that unlike realloc, extend_alloca does not copy over old content and you have a situation where the buffer just has garbage in the space where it should have had data. This could have been fixed by adding code to copy over old data whenever we call extend_alloca, but it seems unnecessarily complicated. This code is not exactly a performance hotspot (it's called when there is a cache miss, so factors like network lookup or file reads will dominate over memory allocation/reallocation), so this premature optimization is unnecessary. Thanks Brad Hubbard <bhubbard@redhat.com> for his help with debugging the problem.
* Fix return code from getent netgroup when the netgroup is not found (bz #16366)Siddhesh Poyarekar2014-01-021-29/+62
| | | | | | | nscd incorrectly returns a success even when the netgroup in question is not found and adds a positive result in the cache. this patch fixes this behaviour by adding a negative lookup entry to cache and returning an error when the netgroup is not found.
* Fix infinite loop in nscd when netgroup is empty (bz #16365)Siddhesh Poyarekar2014-01-021-3/+4
| | | | | | | | | Currently, when a user looks up a netgroup that does not have any members, nscd goes into an infinite loop trying to find members in the group. This is because it does not handle cases when getnetgrent returns an NSS_STATUS_NOTFOUND (which is what it does on empty group). Fixed to handle this in the same way as NSS_STATUS_RETURN, similar to what getgrent does by itself.
* Update copyright notices with scripts/update-copyrightsAllan McRae2014-01-011-1/+1
|
* Fix nesting of ifdefs in netgroupcache.cAllan McRae2013-09-091-2/+2
| | | | Fixes unclosed '{' if HAVE_SENDFILE is defined (BZ #15895).
* Fix handling of netgroup cache in nscdAndreas Schwab2013-06-111-12/+20
|
* Update copyright notices with scripts/update-copyrights.Joseph Myers2013-01-021-1/+1
|
* Hurd: #include <kernel-features.h>Thomas Schwinge2012-05-101-4/+3
|
* Replace FSF snail mail address with URLs.Paul Eggert2012-02-091-2/+1
|
* Fix nesting of #ifdefs in netgroupcache.cUlrich Drepper2011-10-171-2/+2
|
* Implement caching of nscdUlrich Drepper2011-10-071-0/+669