[PATCH] NSS: Return TRYAGAIN on zero-length buffer

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Jakub Hrozek <jhrozek [at] redhat.com>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: [PATCH] NSS: Return TRYAGAIN on zero-length buffer
Date: Tue, 19 Mar 2013 11:45:08 +0100

One of our customers was running into a situation where glibc provided
a zero-length buffer, which is a condition that is retriable and the nss
module should return NSS_STATUS_TRYAGAIN not NSS_STATUS_UNAVAIL.

I think the fix is also in line with
http://www.gnu.org/software/libc/manual/html_node/NSS-Module-Function-Internals.html#NSS-Module-Function-Internals

The "_nss_database_getdbent_r" description says:
"When the buffer given as an argument is too small for the data to be
returned NSS_STATUS_TRYAGAIN should be returned."

So in their case the buffer was valid (!= NULL) but buflen was 0.

Unfortunately I do not have a reproducer, sorry. I only know the
situation happened with netgroups.

>From 8cf3dc0baa7eee383d9b6cecbebedcf033dac2fd Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 19 Mar 2013 11:38:21 +0100
Subject: [PATCH] NSS: Return TRYAGAIN on zero-length buffer

One of our customers was running into a situation where glibc provided a
zero buffer, which is a condition that is retriable and the nss module
should return NSS_STATUS_TRYAGAIN not NSS_STATUS_UNAVAIL.
---
 nss/common.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/nss/common.h b/nss/common.h
index 
fccbdf9758526f31f9f46f3ae1b032ef038526a9..7c2148459cf37b68dea1ebea8b75a73a28d85a6e
 100644
--- a/nss/common.h
+++ b/nss/common.h
@@ -86,10 +86,15 @@
 
 /* check validity of passed buffer (Glibc flavour) */
 #define NSS_BUFCHECK                                                        \
-  if ((buffer == NULL) || (buflen == 0))                                    \
+  if (buffer == NULL)                                                       \
   {                                                                         \
     *errnop = EINVAL;                                                       \
     return NSS_STATUS_UNAVAIL;                                              \
+  }                                                                         \
+  if (buflen == 0)                                                          \
+  {                                                                         \
+    *errnop = ERANGE;                                                       \
+    return NSS_STATUS_TRYAGAIN;                                             \
   }
 
 #endif /* NSS_FLAVOUR_GLIBC */
-- 
1.8.1.4

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

[PATCH] NSS: Return TRYAGAIN on zero-length buffer, Jakub Hrozek

Re: [PATCH] NSS: Return TRYAGAIN on zero-length buffer, Arthur de Jong
- Re: [PATCH] NSS: Return TRYAGAIN on zero-length buffer, Jakub Hrozek

Prev by Date: Re: My password is always too old during authentication
Next by Date: Re: [PATCH] NSS: Return TRYAGAIN on zero-length buffer
Previous by thread: Re: My password is always too old during authentication
Next by thread: Re: [PATCH] NSS: Return TRYAGAIN on zero-length buffer