From patchwork Sun Dec 20 17:55:32 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aurelien Jarno X-Patchwork-Id: 10075 Received: (qmail 73986 invoked by alias); 20 Dec 2015 17:55:48 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 73847 invoked by uid 89); 20 Dec 2015 17:55:46 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.9 required=5.0 tests=BAYES_00, KAM_LAZY_DOMAIN_SECURITY, RP_MATCHES_RCVD autolearn=no version=3.3.2 spammy=H*r:esmtps, 99, triplet, H*r:120 X-HELO: hall.aurel32.net From: Aurelien Jarno To: libc-alpha@sourceware.org Cc: Siddhesh Poyarekar Subject: [COMMITTED 2.19] Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758) Date: Sun, 20 Dec 2015 18:55:32 +0100 Message-Id: <1450634134-13084-1-git-send-email-aurelien@aurel32.net> From: Siddhesh Poyarekar nscd works correctly when the request in innetgr is a wildcard, i.e. when one or more of host, user or domain parameters is NULL. However, it does not work when the the triplet in the netgroup definition has a wildcard. This is easy to reproduce for a triplet defined as follows: foonet (,foo,) Here, an innetgr call that looks like this: innetgr ("foonet", "foohost", "foo", NULL); should succeed and so should: innetgr ("foonet", NULL, "foo", "foodomain"); It does succeed with nscd disabled, but not with nscd enabled. This fix adds this additional check for all three parts of the triplet so that it gives the correct result. [BZ #16758] * nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has blank values. (cherry picked from commit fbd6b5a4052316f7eb03c4617eebfaafc59dcc06) --- ChangeLog | 6 ++++++ NEWS | 6 +++--- nscd/netgroupcache.c | 10 +++++++--- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4502ab2..3cb4c4d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2015-12-20 Siddhesh Poyarekar + + [BZ #16758] + * nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has + blank values. + 2015-11-24 Andreas Schwab [BZ #17062] diff --git a/NEWS b/NEWS index c9cce28..9771c07 100644 --- a/NEWS +++ b/NEWS @@ -9,9 +9,9 @@ Version 2.19.1 * The following bugs are resolved with this release: - 15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885, - 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137, 17153, - 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287. + 15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16878, 16882, + 16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137, + 17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287. * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c index 084f74d..8c619ea 100644 --- a/nscd/netgroupcache.c +++ b/nscd/netgroupcache.c @@ -562,15 +562,19 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, { bool success = true; - if (host != NULL) + /* For the host, user and domain in each triplet, we assume success + if the value is blank because that is how the wildcard entry to + match anything is stored in the netgroup cache. */ + if (host != NULL && *triplets != '\0') success = strcmp (host, triplets) == 0; triplets = (const char *) rawmemchr (triplets, '\0') + 1; - if (success && user != NULL) + if (success && user != NULL && *triplets != '\0') success = strcmp (user, triplets) == 0; triplets = (const char *) rawmemchr (triplets, '\0') + 1; - if (success && (domain == NULL || strcmp (domain, triplets) == 0)) + if (success && (domain == NULL || *triplets == '\0' + || strcmp (domain, triplets) == 0)) { dataset->resp.result = 1; break;