From patchwork Mon Jun 18 16:12:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Maciej W. Rozycki" X-Patchwork-Id: 27908 Received: (qmail 28986 invoked by alias); 18 Jun 2018 16:13:29 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 28974 invoked by uid 89); 18 Jun 2018 16:13:28 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-10.8 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_2, GIT_PATCH_3, KAM_ASCII_DIVIDERS, SPF_PASS autolearn=ham version=3.3.2 spammy=resistance, terminated X-HELO: 9pmail.ess.barracuda.com Date: Mon, 18 Jun 2018 17:12:54 +0100 From: "Maciej W. Rozycki" To: Andreas Schwab CC: Subject: [PATCH v2] nisplus: Correct pwent parsing issue and resulting compilation error [BZ #23266] In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (DEB 1167 2008-08-23) MIME-Version: 1.0 X-ClientProxiedBy: mipsdag02.mipstec.com (10.20.40.47) To mipsdag02.mipstec.com (10.20.40.47) X-BESS-ID: 1529338387-321457-30683-9551-1 X-BESS-VER: 2018.7-r1806151722 X-BESS-Apparent-Source-IP: 12.201.5.32 X-BESS-Envelope-From: Maciej.Rozycki@mips.com X-BESS-Outbound-Spam-Score: 0.00 X-BESS-Outbound-Spam-Status: SCORE=0.00 using account:ESS59374 scores of KILL_LEVEL=7.0 tests=BSF_BESS_OUTBOUND X-BESS-Orig-Rcpt: schwab@suse.de,libc-alpha@sourceware.org X-BESS-BRTS-Status: 1 Copy and null-terminate NIS+ password file UID and GID entries whose length is non-zero and are not terminated in addition to empty ones, fixing a bug and a compilation issue causing an error with GCC 8: nss_nisplus/nisplus-parser.c: In function '_nss_nisplus_parse_pwent': nss_nisplus/nisplus-parser.c:90:7: error: 'strncpy' destination unchanged after copying no bytes [-Werror=stringop-truncation] strncpy (first_unused, numstr, len); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ nss_nisplus/nisplus-parser.c:106:7: error: 'strncpy' destination unchanged after copying no bytes [-Werror=stringop-truncation] strncpy (first_unused, numstr, len); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ introduced with commit ac05397075f6: commit ac05397075f621cfdbe1db527c96167a58b6d18e Author: Ulrich Drepper Date: Sun Apr 30 07:01:26 2006 +0000 * nis/nss_nisplus/nisplus-parser.c: Minor optimizations and cleanups. Avoid copying data if it can be used in the old place. (no mailing list reference available). Obviously regardless of the recently added compiler diagnostics causing a build error this code has been long non-functional, so I guess NIS+ servers have been supplying strings that are non-empty and have already been null-terminated. Which in turn made it unnecessary to make a null-terminated copy, masking this bug. [BZ #23266] * nis/nss_nisplus/nisplus-parser.c (_nss_nisplus_parse_pwent): Copy and null-terminate entries that are not terminated in addition to empty ones. --- On Mon, 18 Jun 2018, Andreas Schwab wrote: > I don't think this is correct. If len == 0 then numstr[0] is undefined. Right, given that this is legacy code, let's take the path of least resistance and copy the approach from `_nss_nisplus_parse_grent', which is actually correct and makes sure that numstr[0] == '\0' if len == 0. OK for this version? Maciej --- nis/nss_nisplus/nisplus-parser.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) glibc-nisplus-parse-pwent-len.diff Index: glibc/nis/nss_nisplus/nisplus-parser.c =================================================================== --- glibc.orig/nis/nss_nisplus/nisplus-parser.c 2018-06-18 16:54:13.077894266 +0100 +++ glibc/nis/nss_nisplus/nisplus-parser.c 2018-06-18 16:55:04.831413510 +0100 @@ -82,7 +82,7 @@ _nss_nisplus_parse_pwent (nis_result *re char *numstr = NISOBJVAL (2, obj); len = NISOBJLEN (2, obj); - if (len == 0 && numstr[len - 1] != '\0') + if (len == 0 || numstr[len - 1] != '\0') { if (len >= room_left) goto no_more_room; @@ -98,7 +98,7 @@ _nss_nisplus_parse_pwent (nis_result *re numstr = NISOBJVAL (3, obj); len = NISOBJLEN (3, obj); - if (len == 0 && numstr[len - 1] != '\0') + if (len == 0 || numstr[len - 1] != '\0') { if (len >= room_left) goto no_more_room;