[PATCH] Fix crash when retrieving large networks entries
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[PATCH] Fix crash when retrieving large networks entries
- From: Lukas Slebodnik <lslebodn [at] redhat.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Cc: nalin [at] redhat.com
- Subject: [PATCH] Fix crash when retrieving large networks entries
- Date: Fri, 28 Feb 2014 20:02:07 +0100
ehlo,
To reproduce the crash in the "networks" code path, you will need to add
new entry "dn: cn=bignet,cn=networks,$SUFFIX" with many(100) cn attributes to
ldap server and run "getent -s ldap networks".
Crash is reproducible also with 0.8 branch, but attached patches cannot be
aplied on older branch due to different formatting of macros, but I can send
version for 0.8 branch as well.
LS
>From f6eb7dac32360af8b758d595171c55884c786787 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Mon, 27 Jan 2014 17:04:32 +0100
Subject: [PATCH 1/2] Fix crash when retrieving large networks entries
If NSS_STATUS_TRYAGAIN is returned from read_one_hostent or
read_one_netent then fp will be closed and function tio_skipall will be called
with NULL pointer.
It could happend in functions:
_nss_ldap_getnetbyname_r
_nss_ldap_getnetbyaddr_r
_nss_ldap_gethostbyname2_r
_nss_ldap_gethostbyaddr_r
---
nss/hosts.c | 2 --
nss/networks.c | 2 --
2 files changed, 4 deletions(-)
diff --git a/nss/hosts.c b/nss/hosts.c
index
777389541a06eeb7d3b4c973dff94a185fe0b4c5..eda739b3e19b75c4b5a7ea744d07e2aabe4998e6
100644
--- a/nss/hosts.c
+++ b/nss/hosts.c
@@ -51,8 +51,6 @@
#undef ERROR_OUT_BUFERROR
#define ERROR_OUT_BUFERROR(fp) \
- (void)tio_close(fp); \
- fp = NULL; \
*errnop = ERANGE; \
*h_errnop = TRY_AGAIN; \
return NSS_STATUS_TRYAGAIN;
diff --git a/nss/networks.c b/nss/networks.c
index
6d12ca6dce8197a2312bedb2c50f7f7c95911f52..b18d5caf0e19a1b3cd871e3b0ef45be4c8f9e708
100644
--- a/nss/networks.c
+++ b/nss/networks.c
@@ -51,8 +51,6 @@
#undef ERROR_OUT_BUFERROR
#define ERROR_OUT_BUFERROR(fp) \
- (void)tio_close(fp); \
- fp = NULL; \
*errnop = ERANGE; \
*h_errnop = TRY_AGAIN; \
return NSS_STATUS_TRYAGAIN;
--
1.8.5.3
>From df10f4fc10a575f78f724bc334d2e1b33f96484f Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Mon, 27 Jan 2014 17:17:33 +0100
Subject: [PATCH 2/2] Use right h_errnop for retrying with larger buffer.
The libc nsswitch code expects h_errno to be set to NETDB_INTERNAL when
it needs to try again with a larger buffer.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
---
nss/hosts.c | 2 +-
nss/networks.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/nss/hosts.c b/nss/hosts.c
index
eda739b3e19b75c4b5a7ea744d07e2aabe4998e6..acbdb1ea84c98ae961a576109df17ddd2cb72c36
100644
--- a/nss/hosts.c
+++ b/nss/hosts.c
@@ -52,7 +52,7 @@
#undef ERROR_OUT_BUFERROR
#define ERROR_OUT_BUFERROR(fp) \
*errnop = ERANGE; \
- *h_errnop = TRY_AGAIN; \
+ *h_errnop = NETDB_INTERNAL; \
return NSS_STATUS_TRYAGAIN;
#undef ERROR_OUT_WRITEERROR
diff --git a/nss/networks.c b/nss/networks.c
index
b18d5caf0e19a1b3cd871e3b0ef45be4c8f9e708..3ffea52ba641cf87fa7b7b1dd8931077d12b87b3
100644
--- a/nss/networks.c
+++ b/nss/networks.c
@@ -52,7 +52,7 @@
#undef ERROR_OUT_BUFERROR
#define ERROR_OUT_BUFERROR(fp) \
*errnop = ERANGE; \
- *h_errnop = TRY_AGAIN; \
+ *h_errnop = NETDB_INTERNAL; \
return NSS_STATUS_TRYAGAIN;
#undef ERROR_OUT_WRITEERROR
--
1.8.5.3
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
- [PATCH] Fix crash when retrieving large networks entries,
Lukas Slebodnik
