| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a very recently added leak in getaddrinfo.
This was assigned CVE-2023-5156.
Resolves: BZ #30884
Related: BZ #30842
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an NSS plugin only implements the _gethostbyname2_r and
_getcanonname_r callbacks, getaddrinfo could use memory that was freed
during tmpbuf resizing, through h_name in a previous query response.
The backing store for res->at->name when doing a query with
gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in
gethosts during the query. For AF_INET6 lookup with AI_ALL |
AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second
for a v4 lookup. In this case, if the first call reallocates tmpbuf
enough number of times, resulting in a malloc, th->h_name (that
res->at->name refers to) ends up on a heap allocated storage in tmpbuf.
Now if the second call to gethosts also causes the plugin callback to
return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF
reference in res->at->name. This then gets dereferenced in the
getcanonname_r plugin call, resulting in the use after free.
Fix this by copying h_name over and freeing it at the end. This
resolves BZ #30843, which is assigned CVE-2023-4806.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit 973fe93a5675c42798b2161c6f29c01b0e243994)
|
| |
|
|
|
| |
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit e2f68b54e8052da14680074fc5df03153216f218)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allocations for address tuples is currently a bit confusing because of
the pointer chasing through PAT, making it hard to observe the sequence
in which allocations have been made. Narrow scope of the pointer
chasing through PAT so that it is only used where necessary.
This also tightens actions behaviour with the hosts database in
getaddrinfo to comply with the manual text. The "continue" action
discards previous results and the "merge" action results in an immedate
lookup failure. Consequently, chaining of allocations across modules is
no longer necessary, thus opening up cleanup opportunities.
A test has been added that checks some combinations to ensure that they
work correctly.
Resolves: BZ #28931
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
(cherry picked from commit 1c37b8022e8763fedbb3f79c02e05c6acfe5a215)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the build itself is run in a container, we may not be able to
fully set up a nested container for test-container testing.
Notably is the mounting of /proc, since it's critical that it
be mounted from within the same PID namespace as its users, and
thus cannot be bind mounted from outside the container like other
mounts.
This patch defaults to using the parent's PID namespace instead of
creating a new one, as this is more likely to be allowed.
If the test needs an isolated PID namespace, it should add the "pidns"
command to its init script.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 2fe64148a81f0d78050c302f34a6853d21f7cae4)
|
| |
|
|
|
|
|
|
|
| |
Otherwise, sorting based on the longest-matching prefix in
getaddrinfo can reorder the addresses in ways the test does not
expect, depending on the IPv4 address of the host.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c02e29a0ba47d636281e1a026444a1a0a254aa12)
|
| |
|
|
|
|
|
|
|
|
| |
getent implicitly passes AI_ADDRCONFIG to getaddrinfo by default.
Use --no-addrconfig to suppress that, so that both IPv4 and IPv6
lookups succeed even if the address family is not supported by the
host.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit c75d20b5b27b0a60f0678236f51a4d3b0b058c00)
|
| |
|
|
|
|
|
|
| |
The ahosts, ahostsv4, ahostsv6 commands unconditionally pass
AI_ADDRCONFIG to getaddrinfo, which is not always desired.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit a623f13adfac47c8634a7288e08f821a846bc650)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Skip the chroot test if the database isn't loaded
correctly (because the chroot test uses some
existing DB state).
The __stat64_time64 -> fstatat call can fail if
running under an (aggressive) seccomp filter,
like Firefox seems to use.
This manifested in a crash when using glib built
with FAM support with such a Firefox build.
Suggested-by: DJ Delorie <dj@redhat.com>
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
(cherry picked from commit ace9e3edbca62d978b1e8f392d8a5d78500272d9)
|
| |
|
|
|
|
|
|
|
|
| |
It's interesting if we have a null action list,
so an assert is worthwhile.
Suggested-by: DJ Delorie <dj@redhat.com>
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
(cherry picked from commit 3fdf0a205b622e40fa7e3c4ed1e4ed4d5c6c5380)
|
| |
|
|
|
|
| |
ELIBBAD is Linux-specific.
(cherry picked from commit 67ab66541dc1164540abda284645e38be90b5119)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
dlopen may clobber errno. The nss_test_errno module uses an ELF
constructor to achieve that, but there could be internal errors
during dlopen that cause this, too. Therefore, the NSS framework
has to guard against such errno clobbers.
__nss_module_get_function is currently the only function that calls
__nss_module_load, so it is sufficient to save and restore errno
around this call.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9bdf92c79d63b42f931101bb6df87129c408b0c4)
|
| |
|
|
|
|
|
|
|
| |
They are not actually installed. Use the nss_files version instead
in nss/Makefile, similar to how __nss_shlib_revision is derived
from LIBNSS_FILES_SO.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit aefc79ab5ad4bb9feea2876720cec70dca7cd8ed)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This matches what is currently in nss/nsswitch.conf. The new ordering
matches what most distributions use in their installed configuration
files.
It is common to add localhost to /etc/hosts because the name does not
exist in the DNS, but is commonly used as a host name.
With the built-in "dns [!UNAVAIL=return] files" default, dns is
searched first and provides an answer for "localhost" (NXDOMAIN).
We never look at the files database as a result, so the contents of
/etc/hosts is ignored. This means that "getent hosts localhost"
fail without a /etc/nsswitch.conf file, even though the host name
is listed in /etc/hosts.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit b99b0f93ee8762fe53ff65802deb6f00700b9924)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a local resolver like unbound is listening on the IPv4 loopback
address 127.0.0.1, the nss/tst-nss-files-hosts-long test fails. This is
due to:
- the default resolver in the absence of resolv.conf being 127.0.0.1
- the default DNS NSS database configuration in the absence of
nsswitch.conf being 'hosts: dns [!UNAVAIL=return] file'
This causes the requests for 'test4' and 'test6' to first be sent to the
local resolver, which responds with NXDOMAIN in the likely case those
records do no exist. In turn that causes the access to /etc/hosts to be
skipped, which is the purpose of that test.
Fix that by providing a simple nsswitch.conf file forcing access to
/etc/hosts for that test. I have tested that the only changed result in
the testsuite is that test.
(cherry picked from commit 2738480a4b0866723fb8c633f36bdd34a8767581)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This partially fixes static-only NSS support (bug 27959): The dns
module no longer needs dlopen. Support for disabling dlopen altogher
remains to be added.
This commit introduces module_load_builtin into nss/nss_module.c, which
handles the common parts of loading the built-in nss_files and nss_dns
modules.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After commit f9c8b11ed7726b858cd7b7cea0d3d7c5233d78cf
"nss: Access nss_files through direct references",
when building with -Os, multiple conform/.../linknamespace tests
and elf/check-localplt are failing:
Extra PLT reference: libc.so: fgetc_unlocked
Extra PLT reference: libc.so: getline
Or e.g.:
[initial] glob -> [libc.a(glob.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_module_get_function -> [libc.a(nss_module.o)] __nss_files_functions -> [libc.a(nss_files_functions.o)] _nss_files_endaliasent -> [libc.a(files-alias.o)] feof_unlocked
[initial] glob -> [libc.a(glob.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_module_get_function -> [libc.a(nss_module.o)] __nss_files_functions -> [libc.a(nss_files_functions.o)] _nss_files_endaliasent -> [libc.a(files-alias.o)] fgetc_unlocked
[initial] glob -> [libc.a(glob.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_module_get_function -> [libc.a(nss_module.o)] __nss_files_functions -> [libc.a(nss_files_functions.o)] _nss_files_endnetgrent -> [libc.a(files-netgrp.o)] getline
This patch is using the hidden symbols where possible.
Instead of fputc_unlocked, __putc_unlocked is used.
(Compare to commit eeaa19f75e52d2d48074ae0c423f2311d67c42c6
"mntent: Use __putc_unlocked instead of fputc_unlocked")
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The error is as follows:
nss_module.c: In function 'module_load_nss_files':
nss_module.c:117:7: error: 'is_nscd' undeclared (first use in this function)
117 | if (is_nscd)
| ^~~~~~~
nss_module.c:117:7: note: each undeclared identifier is reported only once for each function it appears in
nss_module.c:119:51: error: 'nscd_init_cb' undeclared (first use in this function); did you mean 'nscd_init'?
119 | void (*cb) (size_t, struct traced_file *) = nscd_init_cb;
| ^~~~~~~~~~~~
| nscd_init
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes the test nss/tst-nss-files-hosts-long is failing as getent
fails with exit-code 2.
This happens if tst-reload1 was run just before this test:
make t=nss/tst-reload1 test
make t=nss/tst-nss-files-hosts-long test
Then the test fails as /etc/nsswitch.conf contains "hosts: test2"
and the hosts are not searched in /etc/hosts at all.
Thus this patch just requests a post cleanup after nss/tst-reload1
has run.
|
| | |
|
| |
|
|
|
|
|
|
| |
This partially fixes static-only NSS support (bug 27959): The files
module no longer needs dlopen. Support for the dns module remains
to be added, and also support for disabling dlopen altogether.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
| |
|
|
|
|
| |
This is the first step towards fixing bug 27959.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reduces RSS usage if nss_files is not actually used, and can
be used later to make NSS data thread-specific. It also results in
a small code size reduction.
Before:
text data bss dec hex filename
2288 0 72 2360 938 nss/files-alias.os
1807 0 72 1879 757 nss/files-ethers.os
1371 0 72 1443 5a3 nss/files-grp.os
6246 0 72 6318 18ae nss/files-hosts.os
869 0 0 869 365 nss/files-initgroups.os
666 0 0 666 29a nss/files-init.os
1934 0 0 1934 78e nss/files-netgrp.os
2353 0 72 2425 979 nss/files-network.os
2130 0 72 2202 89a nss/files-proto.os
1372 0 72 1444 5a4 nss/files-pwd.os
2124 0 72 2196 894 nss/files-rpc.os
2265 0 72 2337 921 nss/files-service.os
1125 0 72 1197 4ad nss/files-sgrp.os
1124 0 72 1196 4ac nss/files-spwd.os
After:
text data bss dec hex filename
2040 0 0 2040 7f8 nss/files-alias.os
1599 0 0 1599 63f nss/files-ethers.os
1155 0 0 1155 483 nss/files-grp.os
6010 0 0 6010 177a nss/files-hosts.os
869 0 0 869 365 nss/files-initgroups.os
666 0 0 666 29a nss/files-init.os
1934 0 0 1934 78e nss/files-netgrp.os
2129 0 0 2129 851 nss/files-network.os
1914 0 0 1914 77a nss/files-proto.os
1156 0 0 1156 484 nss/files-pwd.os
1908 0 0 1908 774 nss/files-rpc.os
2057 0 0 2057 809 nss/files-service.os
909 0 0 909 38d nss/files-sgrp.os
908 0 0 908 38c nss/files-spwd.os
1090 0 8 1098 44a nss/nss_files_data.os
27674 code bytes before, 26344 code bytes after, so it is an overall
win despite the extra initialization code.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is only needed if nss_files is loaded by nscd.
Before:
text data bss dec hex filename
767 0 24952 25719 6477 nss/files-init.os
After:
text data bss dec hex filename
666 0 0 666 29a nss/files-init.os
Using PATH_MAX bytes unconditionally for the directory name
is wasteful, but fixing that would constitute another break
of this semi-public ABI. (The other issue is that with
symbolic links, an arbitrary set of parent directories may need
watching, not just a single one.)
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
| |
|
|
|
| |
The old version had an additional underscore, making the declaration
ineffective.
|
| |
|
|
|
|
|
|
|
|
| |
For the legacy ABI with supports 32-bit time_t it calls the 64-bit
time directly, since the LFS symbols calls the 64-bit time_t ones
internally.
Checked on i686-linux-gnu and x86_64-linux-gnu.
Reviewed-by: Lukasz Majewski <lukma@denx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This commit removes the ELF constructor and internal variables from
dlfcn/dlfcn.c. The file now serves the same purpose as
nptl/libpthread-compat.c, so it is renamed to dlfcn/libdl-compat.c.
The use of libdl-shared-only-routines ensures that libdl.a is empty.
This commit adjusts the test suite not to use $(libdl). The libdl.so
symbolic link is no longer installed.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
| |
|
|
|
|
| |
27832].
Reviewed-by: fweimer@redhat.com
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change continues the improvements to compile-time out of bounds
checking by decorating more APIs with either attribute access, or by
explicitly providing the array bound in APIs such as tmpnam() that
expect arrays of some minimum size as arguments. (The latter feature
is new in GCC 11.)
The only effects of the attribute and/or the array bound is to check
and diagnose calls to the functions that fail to provide a sufficient
number of elements, and the definitions of the functions that access
elements outside the specified bounds. (There is no interplay with
_FORTIFY_SOURCE here yet.)
Tested with GCC 7 through 11 on x86_64-linux.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
__nss_database_lookup2's extra arguments were left unused in the
nsswitch reloading patch set; this broke compat (default config
ignored) and shadow files (secondary name ignored) which relies on
these fallbacks.
This patch adds in the previous behavior by correcting the
initialization of the database list to reflect the fallbacks. This
means that the nss_database_lookup2 interface no longer needs to be
passed the fallback info, so API and callers were adjusted.
Since all callers needed to be edited anyway, the calls were changed
from __nss_database_lookup2 to the faster __nss_database_get. This
was an intended optimization which was deferred during the initial
lookup changes to avoid touching so many files.
The test case verifies that compat targets work (passwd) and that the
default configuration works (group). Tested on x86-64.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The glibc 2.33 release enabled /etc/nsswitch.conf reloading,
and to prevent potential security issues like CVE-2019-14271
the re-loading of nsswitch.conf and all mdoules was disabled
when the root filesystem changes (see bug 27077).
Unfortunately php-lpfm and openldap both require the ability
to continue to load NSS modules after chroot. The packages
do not exec after the chroot, and so do not cause the
protections to be reset. The only solution is to re-enable
only NSS module loading (not nsswitch.conf reloading) and so
get back the previous glibc behaviour.
In the future we may introduce a way to harden applications
so they do not reload NSS modules once the root filesystem
changes, or that only files/dns are available pre-loaded
(or builtin).
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before the change nss_database_check_reload_and_get() did not populate
the '*result' value when it returned success in a case of chroot
detection. This caused initgroups() to use garage pointer in the
following test (extracted from unbound):
```
int main() {
// load some NSS modules
struct passwd * pw = getpwnam("root");
chdir("/tmp");
chroot("/tmp");
chdir("/");
// access nsswitch.conf in a chroot
initgroups("root", 0);
}
```
Reviewed-by: DJ Delorie <dj@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
https://sourceware.org/bugzilla/show_bug.cgi?id=27077
Before reloading nsswitch.conf, verify that the root directory
hasn't changed - if it has, it's likely that we've entered a
container and should not trust the nsswitch inside the container
nor load any shared objects therein.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've updated copyright dates in glibc for 2021. This is the patch for
the changes not generated by scripts/update-copyrights and subsequent
build / regeneration of generated files. As well as the usual annual
updates, mainly dates in --version output (minus csu/version.c which
previously had to be handled manually but is now successfully updated
by update-copyrights), there is a small change to the copyright notice
in NEWS which should let NEWS get updated automatically next year.
Please remember to include 2021 in the dates for any new files added
in future (which means updating any existing uncommitted patches you
have that add new files to use the new copyright dates in them).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some internal functions need to know if a database has a nonzero
list of actions; success getting the database does not guarantee
that. Add checks for such as needed.
Skip the ":" in each nsswitch.conf line so as not to add a dummy
action libnss_:.so
See also https://bugzilla.redhat.com/show_bug.cgi?id=1906066
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting with recent commits, I get 43 conform/.../linknamespace FAILs:
- nss: Introduce <nss_module.h>
- <nss_action.h>: New abstraction for combining NSS modules and NSS actions
- nss: Implement <nss_database.h> (see nss/nss_database.c)
- nsswitch: use new internal API (core)
- nsswitch: user new internal API (tests)
- nsswitch: use new internal API (callers)
e.g. conform/XPG42/wordexp.h/linknamespace.out
[initial] wordexp -> [libc.a(wordexp.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_database_get -> [libc.a(nss_database.o)] feof_unlocked
[initial] wordexp -> [libc.a(wordexp.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_database_get -> [libc.a(nss_database.o)] ferror_unlocked
This patch is just using __ferror_unlocked and __feof_unlocked instead of the
non "__" prefixed ones.
Reviewed-by: DJ Delorie <dj@redhat.com>
|
| |
|
|
|
|
| |
Stitch new ABI and types throughout all NSS callers.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
| |
|
|
|
|
| |
Testsuite support and new test for new API.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
| |
|
|
|
|
| |
Core changes to switch the NSS internals to use the new API.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This code manages the mappings of the available databases in NSS
(i.e. passwd, hosts, netgroup, etc) with the actions that should
be taken to do a query on those databases.
This is the main API between query functions scattered throughout
glibc and the underlying code (actions, modules, etc).
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
| |
|
|
|
|
|
|
|
|
| |
nss_action manages a set of lists of actions; these are the portions
of the lines in nsswitch.conf to the right of the colons, like
"dns [!UNAVAIL=return] files". Each permutation of actions and
conditionals is cached for reuse, which limits memory growth, and
refers to the static list of modules managed by nss_modules.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This provides the struct nss_module type, which combines the old
struct service_library type with the known_function tree, by
statically allocating space for all function pointers.
struct nss_module is fairly large (536 bytes), but it will be
shared across NSS databases. The old known_function handling
had non-some per-function overhead (at least 32 bytes per looked-up
function, but more for long function anmes), so overall, this is not
too bad. Resolving all functions at load time simplifies locking,
and the repeated lookups should be fast because the caches are hot
at this point.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The tls.h inclusion is not really required and limits possible
definition on more arch specific headers.
This is a cleanup to allow inline functions on sysdep.h, more
specifically on i386 and ia64 which requires to access some tls
definitions its own.
No semantic changes expected, checked with a build against all
affected ABIs.
|
| |
|
|
|
|
|
|
|
|
|
| |
The SELinux API deprecated several symbols in its 3.1 release, including
security_context_t, matchpathcon, avc_init, and sidput, which are used in
makedb and nscd. While the usage of these should eventually be replaced by
newer interfaces, this commit disables GCC warnings due to the use of the
above symbols.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
And helper functions __nss_readline, __nss_readline_seek,
__nss_parse_line_result.
This consolidates common code for handling overlong lines and
parse files. Use the new functionality in internal_getent
in nss/nss_files/files-XXX.c.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As a result, all parse_line functions have the same prototype, except
for that producing struct hostent. This change is ABI-compatible, so
it does not alter the internal GLIBC_PRIVATE ABI (otherwise we should
probably have renamed the exported functions).
A future change will use this to implement a generict fget*ent_r
function.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
| |
|
|
|
|
|
|
| |
These functions should eventually have the same type, so it makes
sense to declare them together.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This avoids crashes in case the files are truncated for some reason.
For typically file sizes, it is also going to be slightly faster.
Using __nss_files_fopen instead mirrors what nss_files does.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
