| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
This was broken by commit 9c02d0784d ("nss_files: Remove RES_USE_INET6
from hosts processing"), which removed too much.
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Qihao Chencao <twose@qq.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We stopped adding "Contributed by" or similar lines in sources in 2012
in favour of git logs and keeping the Contributors section of the
glibc manual up to date. Removing these lines makes the license
header a bit more consistent across files and also removes the
possibility of error in attribution when license blocks or files are
copied across since the contributed-by lines don't actually reflect
reality in those cases.
Move all "Contributed by" and similar lines (Written by, Test by,
etc.) into a new file CONTRIBUTED-BY to retain record of these
contributions. These contributors are also mentioned in
manual/contrib.texi, so we just maintain this additional record as a
courtesy to the earlier developers.
The following scripts were used to filter a list of files to edit in
place and to clean up the CONTRIBUTED-BY file respectively. These
were not added to the glibc sources because they're not expected to be
of any use in future given that this is a one time task:
https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc
https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After commit f9c8b11ed7726b858cd7b7cea0d3d7c5233d78cf
"nss: Access nss_files through direct references",
when building with -Os, multiple conform/.../linknamespace tests
and elf/check-localplt are failing:
Extra PLT reference: libc.so: fgetc_unlocked
Extra PLT reference: libc.so: getline
Or e.g.:
[initial] glob -> [libc.a(glob.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_module_get_function -> [libc.a(nss_module.o)] __nss_files_functions -> [libc.a(nss_files_functions.o)] _nss_files_endaliasent -> [libc.a(files-alias.o)] feof_unlocked
[initial] glob -> [libc.a(glob.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_module_get_function -> [libc.a(nss_module.o)] __nss_files_functions -> [libc.a(nss_files_functions.o)] _nss_files_endaliasent -> [libc.a(files-alias.o)] fgetc_unlocked
[initial] glob -> [libc.a(glob.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_module_get_function -> [libc.a(nss_module.o)] __nss_files_functions -> [libc.a(nss_files_functions.o)] _nss_files_endnetgrent -> [libc.a(files-netgrp.o)] getline
This patch is using the hidden symbols where possible.
Instead of fputc_unlocked, __putc_unlocked is used.
(Compare to commit eeaa19f75e52d2d48074ae0c423f2311d67c42c6
"mntent: Use __putc_unlocked instead of fputc_unlocked")
|
|
|
|
|
|
|
|
| |
This partially fixes static-only NSS support (bug 27959): The files
module no longer needs dlopen. Support for the dns module remains
to be added, and also support for disabling dlopen altogether.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
|
|
|
|
|
| |
This is the first step towards fixing bug 27959.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reduces RSS usage if nss_files is not actually used, and can
be used later to make NSS data thread-specific. It also results in
a small code size reduction.
Before:
text data bss dec hex filename
2288 0 72 2360 938 nss/files-alias.os
1807 0 72 1879 757 nss/files-ethers.os
1371 0 72 1443 5a3 nss/files-grp.os
6246 0 72 6318 18ae nss/files-hosts.os
869 0 0 869 365 nss/files-initgroups.os
666 0 0 666 29a nss/files-init.os
1934 0 0 1934 78e nss/files-netgrp.os
2353 0 72 2425 979 nss/files-network.os
2130 0 72 2202 89a nss/files-proto.os
1372 0 72 1444 5a4 nss/files-pwd.os
2124 0 72 2196 894 nss/files-rpc.os
2265 0 72 2337 921 nss/files-service.os
1125 0 72 1197 4ad nss/files-sgrp.os
1124 0 72 1196 4ac nss/files-spwd.os
After:
text data bss dec hex filename
2040 0 0 2040 7f8 nss/files-alias.os
1599 0 0 1599 63f nss/files-ethers.os
1155 0 0 1155 483 nss/files-grp.os
6010 0 0 6010 177a nss/files-hosts.os
869 0 0 869 365 nss/files-initgroups.os
666 0 0 666 29a nss/files-init.os
1934 0 0 1934 78e nss/files-netgrp.os
2129 0 0 2129 851 nss/files-network.os
1914 0 0 1914 77a nss/files-proto.os
1156 0 0 1156 484 nss/files-pwd.os
1908 0 0 1908 774 nss/files-rpc.os
2057 0 0 2057 809 nss/files-service.os
909 0 0 909 38d nss/files-sgrp.os
908 0 0 908 38c nss/files-spwd.os
1090 0 8 1098 44a nss/nss_files_data.os
27674 code bytes before, 26344 code bytes after, so it is an overall
win despite the extra initialization code.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is only needed if nss_files is loaded by nscd.
Before:
text data bss dec hex filename
767 0 24952 25719 6477 nss/files-init.os
After:
text data bss dec hex filename
666 0 0 666 29a nss/files-init.os
Using PATH_MAX bytes unconditionally for the directory name
is wasteful, but fixing that would constitute another break
of this semi-public ABI. (The other issue is that with
symbolic links, an arbitrary set of parent directories may need
watching, not just a single one.)
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
|
|
|
|
|
|
|
|
|
|
|
|
| |
And helper functions __nss_readline, __nss_readline_seek,
__nss_parse_line_result.
This consolidates common code for handling overlong lines and
parse files. Use the new functionality in internal_getent
in nss/nss_files/files-XXX.c.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a result, all parse_line functions have the same prototype, except
for that producing struct hostent. This change is ABI-compatible, so
it does not alter the internal GLIBC_PRIVATE ABI (otherwise we should
probably have renamed the exported functions).
A future change will use this to implement a generict fget*ent_r
function.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
|
|
|
|
|
| |
These functions should eventually have the same type, so it makes
sense to declare them together.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
|
|
| |
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
|
|
|
|
|
| |
The interface has hard-coded buffer sizes and is therefore tied to
DES. It also does not match current practice where different
services on the same host use different key material.
This change simplifies removal of the sunrpc code.
|
|
|
|
| |
Reviewed-by: DJ Delorie <dj@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:
sed -ri '
s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
$(find $(git ls-files) -prune -type f \
! -name '*.po' \
! -name 'ChangeLog*' \
! -path COPYING ! -path COPYING.LIB \
! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
! -path manual/texinfo.tex ! -path scripts/config.guess \
! -path scripts/config.sub ! -path scripts/install-sh \
! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
! -path INSTALL ! -path locale/programs/charmap-kw.h \
! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
! '(' -name configure \
-execdir test -f configure.ac -o -f configure.in ';' ')' \
! '(' -name preconfigure \
-execdir test -f preconfigure.ac ';' ')' \
-print)
and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:
chmod a+x sysdeps/unix/sysv/linux/riscv/configure
# Omit irrelevant whitespace and comment-only changes,
# perhaps from a slightly-different Autoconf version.
git checkout -f \
sysdeps/csky/configure \
sysdeps/hppa/configure \
sysdeps/riscv/configure \
sysdeps/unix/sysv/linux/csky/configure
# Omit changes that caused a pre-commit check to fail like this:
# remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
git checkout -f \
sysdeps/powerpc/powerpc64/ppc-mcount.S \
sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
# Omit change that caused a pre-commit check to fail like this:
# remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
|
|
|
|
|
|
| |
Since commit 3f8b44be0a658266adff5ece1e4bc3ce097a5dbe ("resolv:
Remove support for RES_USE_INET6 and the inet6 option"),
res_use_inet6 () always evaluates to false.
|
|
|
|
|
|
|
|
| |
If /etc/aliases ends with a continuation line (a line that starts
with whitespace) which does not have a trailing newline character,
the file parser would crash due to a null pointer dereference.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
|
|
|
|
| |
* All files with FSF copyright notices: Update copyright dates
using scripts/update-copyrights.
* locale/programs/charmap-kw.h: Regenerated.
* locale/programs/locfile-kw.h: Likewise.
|
|
|
|
|
| |
In order to get a clean test case, it was necessary to fix partially
fixed bug 23522 as well.
|
|
|
|
|
| |
Use the new __libc_readline_unlocked function to pick up
reading at the same line in case the buffer needs to be enlarged.
|
| |
|
|
|
|
|
|
|
| |
* All files with FSF copyright notices: Update copyright dates
using scripts/update-copyrights.
* locale/programs/charmap-kw.h: Regenerated.
* locale/programs/locfile-kw.h: Likewise.
|
|
|
|
|
| |
The previous implementation had at least a quadratic space
requirement in the number of host addresses and aliases.
|
| |
|
|
|
|
| |
This is in preparation of further cleanup work.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was noted in
<https://sourceware.org/ml/libc-alpha/2012-09/msg00305.html> that the
bits/*.h naming scheme should only be used for installed headers.
This patch renames bits/libc-lock.h to plain libc-lock.h and
bits/libc-lockP.h to plain libc-lockP.h to follow that convention.
Note that I don't know where libc-lockP.h comes from for Hurd (the
Hurd libc-lock.h includes libc-lockP.h, but the only libc-lockP.h in
the glibc source tree is for NPTL) - some unmerged patch? - but I
updated the #include in the Hurd libc-lock.h anyway.
Tested for x86_64 (testsuite, and that installed stripped shared
libraries are unchanged by the patch).
[BZ #14912]
* bits/libc-lock.h: Move to ...
* sysdeps/generic/libc-lock.h: ...here.
(_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H.
* sysdeps/mach/hurd/bits/libc-lock.h: Move to ...
* sysdeps/mach/hurd/libc-lock.h: ...here.
(_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H.
[_LIBC]: Include <libc-lockP.h> instead of <bits/libc-lockP.h>.
* sysdeps/mach/bits/libc-lock.h: Move to ...
* sysdeps/mach/libc-lock.h: ...here.
(_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H.
* sysdeps/nptl/bits/libc-lock.h: Move to ...
* sysdeps/nptl/libc-lock.h: ...here.
(_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H.
* sysdeps/nptl/bits/libc-lockP.h: Move to ...
* sysdeps/nptl/libc-lockP.h: ...here.
(_BITS_LIBC_LOCKP_H): Rename macro to _LIBC_LOCKP_H.
* crypt/crypt_util.c: Include <libc-lock.h> instead of
<bits/libc-lock.h>.
* dirent/scandir-tail.c: Likewise.
* dlfcn/dlerror.c: Likewise.
* elf/dl-close.c: Likewise.
* elf/dl-iteratephdr.c: Likewise.
* elf/dl-lookup.c: Likewise.
* elf/dl-open.c: Likewise.
* elf/dl-support.c: Likewise.
* elf/dl-writev.h: Likewise.
* elf/rtld.c: Likewise.
* grp/fgetgrent.c: Likewise.
* gshadow/fgetsgent.c: Likewise.
* gshadow/sgetsgent.c: Likewise.
* iconv/gconv_conf.c: Likewise.
* iconv/gconv_db.c: Likewise.
* iconv/gconv_dl.c: Likewise.
* iconv/gconv_int.h: Likewise.
* iconv/gconv_trans.c: Likewise.
* include/link.h: Likewise.
* inet/getnameinfo.c: Likewise.
* inet/getnetgrent.c: Likewise.
* inet/getnetgrent_r.c: Likewise.
* intl/bindtextdom.c: Likewise.
* intl/dcigettext.c: Likewise.
* intl/finddomain.c: Likewise.
* intl/gettextP.h: Likewise.
* intl/loadmsgcat.c: Likewise.
* intl/localealias.c: Likewise.
* intl/textdomain.c: Likewise.
* libidn/idn-stub.c: Likewise.
* libio/libioP.h: Likewise.
* locale/duplocale.c: Likewise.
* locale/freelocale.c: Likewise.
* locale/newlocale.c: Likewise.
* locale/setlocale.c: Likewise.
* login/getutent_r.c: Likewise.
* login/getutid_r.c: Likewise.
* login/getutline_r.c: Likewise.
* login/utmp-private.h: Likewise.
* login/utmpname.c: Likewise.
* malloc/mtrace.c: Likewise.
* misc/efgcvt.c: Likewise.
* misc/error.c: Likewise.
* misc/fstab.c: Likewise.
* misc/getpass.c: Likewise.
* misc/mntent.c: Likewise.
* misc/syslog.c: Likewise.
* nis/nis_call.c: Likewise.
* nis/nis_callback.c: Likewise.
* nis/nss-default.c: Likewise.
* nis/nss_compat/compat-grp.c: Likewise.
* nis/nss_compat/compat-initgroups.c: Likewise.
* nis/nss_compat/compat-pwd.c: Likewise.
* nis/nss_compat/compat-spwd.c: Likewise.
* nis/nss_nis/nis-alias.c: Likewise.
* nis/nss_nis/nis-ethers.c: Likewise.
* nis/nss_nis/nis-grp.c: Likewise.
* nis/nss_nis/nis-hosts.c: Likewise.
* nis/nss_nis/nis-network.c: Likewise.
* nis/nss_nis/nis-proto.c: Likewise.
* nis/nss_nis/nis-pwd.c: Likewise.
* nis/nss_nis/nis-rpc.c: Likewise.
* nis/nss_nis/nis-service.c: Likewise.
* nis/nss_nis/nis-spwd.c: Likewise.
* nis/nss_nisplus/nisplus-alias.c: Likewise.
* nis/nss_nisplus/nisplus-ethers.c: Likewise.
* nis/nss_nisplus/nisplus-grp.c: Likewise.
* nis/nss_nisplus/nisplus-hosts.c: Likewise.
* nis/nss_nisplus/nisplus-initgroups.c: Likewise.
* nis/nss_nisplus/nisplus-network.c: Likewise.
* nis/nss_nisplus/nisplus-proto.c: Likewise.
* nis/nss_nisplus/nisplus-pwd.c: Likewise.
* nis/nss_nisplus/nisplus-rpc.c: Likewise.
* nis/nss_nisplus/nisplus-service.c: Likewise.
* nis/nss_nisplus/nisplus-spwd.c: Likewise.
* nis/ypclnt.c: Likewise.
* nptl/libc_pthread_init.c: Likewise.
* nss/getXXbyYY.c: Likewise.
* nss/getXXent.c: Likewise.
* nss/getXXent_r.c: Likewise.
* nss/nss_db/db-XXX.c: Likewise.
* nss/nss_db/db-netgrp.c: Likewise.
* nss/nss_db/nss_db.h: Likewise.
* nss/nss_files/files-XXX.c: Likewise.
* nss/nss_files/files-alias.c: Likewise.
* nss/nsswitch.c: Likewise.
* posix/regex_internal.h: Likewise.
* posix/wordexp.c: Likewise.
* pwd/fgetpwent.c: Likewise.
* resolv/res_hconf.c: Likewise.
* resolv/res_libc.c: Likewise.
* shadow/fgetspent.c: Likewise.
* shadow/lckpwdf.c: Likewise.
* shadow/sgetspent.c: Likewise.
* socket/opensock.c: Likewise.
* stdio-common/reg-modifier.c: Likewise.
* stdio-common/reg-printf.c: Likewise.
* stdio-common/reg-type.c: Likewise.
* stdio-common/vfprintf.c: Likewise.
* stdio-common/vfscanf.c: Likewise.
* stdlib/abort.c: Likewise.
* stdlib/cxa_atexit.c: Likewise.
* stdlib/fmtmsg.c: Likewise.
* stdlib/random.c: Likewise.
* stdlib/setenv.c: Likewise.
* string/strsignal.c: Likewise.
* sunrpc/auth_none.c: Likewise.
* sunrpc/bindrsvprt.c: Likewise.
* sunrpc/create_xid.c: Likewise.
* sunrpc/key_call.c: Likewise.
* sunrpc/rpc_thread.c: Likewise.
* sysdeps/arm/backtrace.c: Likewise.
* sysdeps/generic/ldsodefs.h: Likewise.
* sysdeps/generic/stdio-lock.h: Likewise.
* sysdeps/generic/unwind-dw2-fde.c: Likewise.
* sysdeps/i386/backtrace.c: Likewise.
* sysdeps/ieee754/ldbl-opt/nldbl-compat.c: Likewise.
* sysdeps/m68k/backtrace.c: Likewise.
* sysdeps/mach/hurd/cthreads.c: Likewise.
* sysdeps/mach/hurd/dirstream.h: Likewise.
* sysdeps/mach/hurd/malloc-machine.h: Likewise.
* sysdeps/nptl/malloc-machine.h: Likewise.
* sysdeps/nptl/stdio-lock.h: Likewise.
* sysdeps/posix/dirstream.h: Likewise.
* sysdeps/posix/getaddrinfo.c: Likewise.
* sysdeps/posix/system.c: Likewise.
* sysdeps/pthread/aio_suspend.c: Likewise.
* sysdeps/s390/s390-32/backtrace.c: Likewise.
* sysdeps/s390/s390-64/backtrace.c: Likewise.
* sysdeps/unix/sysv/linux/check_pf.c: Likewise.
* sysdeps/unix/sysv/linux/if_index.c: Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/getutent_r.c: Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/getutid_r.c: Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/getutline_r.c: Likewise.
* sysdeps/unix/sysv/linux/shm-directory.c: Likewise.
* sysdeps/unix/sysv/linux/system.c: Likewise.
* sysdeps/x86_64/backtrace.c: Likewise.
* time/alt_digit.c: Likewise.
* time/era.c: Likewise.
* time/tzset.c: Likewise.
* wcsmbs/wcsmbsload.c: Likewise.
* nptl/tst-initializers1.c (do_test): Refer to <libc-lock.h>
instead of <bits/libc-lock.h> in comment.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Robin Hack discovered Samba would enter an infinite loop processing
certain quota-related requests. We eventually tracked this down to a
glibc issue.
Running a (simplified) test case under strace shows that /etc/passwd
is continuously opened and closed:
…
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET) = 2717
close(3) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET) = 2717
close(3) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
…
The lookup function implementation in
nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that. It is
supposed skip closing the input file if it was already open.
/* Reset file pointer to beginning or open file. */ \
status = internal_setent (keep_stream); \
\
if (status == NSS_STATUS_SUCCESS) \
{ \
/* Tell getent function that we have repositioned the file pointer. */ \
last_use = getby; \
\
while ((status = internal_getent (result, buffer, buflen, errnop \
H_ERRNO_ARG EXTRA_ARGS_VALUE)) \
== NSS_STATUS_SUCCESS) \
{ break_if_match } \
\
if (! keep_stream) \
internal_endent (); \
} \
keep_stream is initialized from the stayopen flag in internal_setent.
internal_setent is called from the set*ent implementation as:
status = internal_setent (stayopen);
However, for non-host database, this flag is always 0, per the
STAYOPEN magic in nss/getXXent_r.c.
Thus, the fix is this:
- status = internal_setent (stayopen);
+ status = internal_setent (1);
This is not a behavioral change even for the hosts database (where the
application can specify the stayopen flag) because with a call to
sethostent(0), the file handle is still not closed in the
implementation of gethostent.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In bug 14906 the user complains that the inotify support in nscd
is not sufficient when it comes to detecting changes in the
configurationfiles that should be watched for the various databases.
The current nscd implementation uses inotify to watch for changes in
the configuration files, but adds watches only for IN_DELETE_SELF and
IN_MODIFY. These watches are insufficient to cover even the most basic
uses by a system administrator. For example using emacs or vim to edit
a configuration file should trigger a reload but it might not if
the editors use move to atomically update the file. This atomic update
changes the inode and thus removes the notification on the file (as
inotify is based on inodes). Thus the inotify support in nscd for
configuration files is insufficient to account for the average use
cases of system administrators and users.
The inotify support is significantly enhanced and described here:
https://www.sourceware.org/ml/libc-alpha/2015-02/msg00504.html
Tested on x86_64 with and without inotify support.
|
| |
|
|
|
|
|
|
|
|
|
| |
Replace it with IS_IN (libc) and remove the one place that it
is defined in. The generated code remains unchanged on x86_64.
* include/shlib-compat.h [!NOT_IN_libc]: Remove.
* nss/nss_files/files-parse.c (IS_IN_libc): Replace with
IS_IN (libc).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nss_db uses nss_files code for services, but a continue on protocol
mismatch that doesn't affect nss_files skipped the code that advanced
to the next db entry. Any one of these changes would suffice to fix
it, but fixing both makes them both safer to reuse elsewhere.
for ChangeLog
[BZ #14498]
* NEWS: Fixed.
* nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx
after parsing line but before break_if_match.
* nss/nss_files/files-service (DB_LOOKUP): Don't "continue;"
if there is a protocol mismatch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL
(with errno as ERANGE) when the supplied buffer does not have
sufficient space for the result. This is wrong, because the canonical
way to indicate insufficient buffer is to set the errno to ERANGE and
the status to NSS_STATUS_TRYAGAIN, as is used by all other modules.
This fixes nscd behaviour when the nss_ldap module returns
NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to
fit into the supplied buffer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
#16506)
The netgroups file parsing code tries to access the character before
the newline in parsed lines to see if it is a backslash (\). This
results in an access before the block allocated for the line if the
line is blank, i.e. does not have anything other than the newline
character. This doesn't seem like it will cause any crashes because
the byte belongs to the malloc metadata block and hence access to it
will always succeed.
There could be an invalid alteration in code flow where a blank line
is seen as a continuation due to the preceding byte *happening* to be
'\\'. This could be done by interposing malloc, but that's not really
a security problem since one could interpose getnetgrent_r itself and
achieve a similar 'exploit'.
The possibility of actually exploiting this is remote to impossible
since it also requires the previous line to end with a '\\', which
would happen only on invalid configurations.
|
| |
|
|
|
|
|
| |
H_ERRNO_ARGS is unnecessary since we this file is specifically for
hosts lookup.
|
|
|
|
|
|
|
|
| |
AF_INET lookup in hosts file uses _nss_files_gethostbyname2_r, which
is not capable of returning a canonical name if it has found one.
This change adds _nss_files_gethostbyname3_r, which wraps around
_nss_files_gethostbyname2_r and then returns result.h_name as the
canonical name.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently for AF_INET lookups from the hosts file, buffer sizes larger
than INT_MAX silently overflow and may result in access beyond bounds
of a buffer. This happens when the number of results in an AF_INET
lookup in /etc/hosts are very large.
There are two aspects to the problem. One problem is that the size
computed from the buffer size is stored into an int, which results in
overflow for large sizes. Additionally, even if this size was
expanded, the function used to read content into the buffer (fgets)
accepts only int sizes. As a result, the fix is to have a function
wrap around fgets that calls it multiple times with int sizes if
necessary.
|