diff mbox series

[v2,2/2] nss: Protect against errno changes in function lookup (bug 28953)

Message ID ccc2d096177bf9db5f86499777e31c545cfa39a1.1646922805.git.fweimer@redhat.com
State Superseded
Headers
Series [1/2] nss: Do not mention NSS test modules in <gnu/lib-names.h> |

Checks

Context Check Description
dj/TryBot-apply_patch success Patch applied to master at the time it was sent
dj/TryBot-32bit success Build for i686

Commit Message

Florian Weimer March 10, 2022, 2:35 p.m. UTC 
  dlopen may clobber errno.  The nss_test_errno module uses an ELF
constructor to achieve that, but there could be internal errors
during dlopen that cause this, too.  Therefore, the NSS framework
has to guard against such errno clobbers.

__nss_module_get_function is currently the only function that calls
__nss_module_load, so it is sufficient to save and restore errno
around this call.
---
v2: Fix copyright headers.  Use $(libnss_files.so-version).  Add test
    module dependency in the right place.

 nss/Makefile             | 15 ++++++++--
 nss/nss_module.c         |  5 ++++
 nss/nss_test_errno.c     | 58 ++++++++++++++++++++++++++++++++++++++
 nss/tst-nss-test_errno.c | 61 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 136 insertions(+), 3 deletions(-)
 create mode 100644 nss/nss_test_errno.c
 create mode 100644 nss/tst-nss-test_errno.c

Comments

Andreas Schwab March 10, 2022, 3:14 p.m. UTC | #1 
On Mär 10 2022, Florian Weimer via Libc-alpha wrote:

> diff --git a/nss/nss_module.c b/nss/nss_module.c
> index f9a1263e5a..4839448e35 100644
> --- a/nss/nss_module.c
> +++ b/nss/nss_module.c
> @@ -330,9 +330,14 @@ name_search (const void *left, const void *right)
>  void *
>  __nss_module_get_function (struct nss_module *module, const char *name)
>  {
> +  /* A successful dlopen might clobber errno.   */
> +  int saved_errno = errno;
> +
>    if (!__nss_module_load (module))
>      return NULL;
>  
> +  __set_errno (saved_errno);
> +

Is an unsuccessful load allowed to change errno?
Florian Weimer March 10, 2022, 3:39 p.m. UTC | #2 
* Andreas Schwab:

> On Mär 10 2022, Florian Weimer via Libc-alpha wrote:
>
>> diff --git a/nss/nss_module.c b/nss/nss_module.c
>> index f9a1263e5a..4839448e35 100644
>> --- a/nss/nss_module.c
>> +++ b/nss/nss_module.c
>> @@ -330,9 +330,14 @@ name_search (const void *left, const void *right)
>>  void *
>>  __nss_module_get_function (struct nss_module *module, const char *name)
>>  {
>> +  /* A successful dlopen might clobber errno.   */
>> +  int saved_errno = errno;
>> +
>>    if (!__nss_module_load (module))
>>      return NULL;
>>  
>> +  __set_errno (saved_errno);
>> +
>
> Is an unsuccessful load allowed to change errno?

This is bug 22041 territory.  I think in the current code, we should not
change errno here.  Good catch.  I'll send a v3.

Thanks,
Florian
diff mbox series

Patch

diff --git a/nss/Makefile b/nss/Makefile
index 74e2c2426c..de439d4911 100644
--- a/nss/Makefile
+++ b/nss/Makefile
@@ -60,7 +60,8 @@  tests			= test-netdb test-digits-dots tst-nss-getpwent bug17079 \
 			  tst-nss-test1 \
 			  tst-nss-test2 \
 			  tst-nss-test4 \
-			  tst-nss-test5
+			  tst-nss-test5 \
+			  tst-nss-test_errno
 xtests			= bug-erange
 
 tests-container = \
@@ -132,7 +133,7 @@  libnss_compat-inhibit-o	= $(filter-out .os,$(object-suffixes))
 ifeq ($(build-static-nss),yes)
 tests-static		+= tst-nss-static
 endif
-extra-test-objs		+= nss_test1.os nss_test2.os
+extra-test-objs		+= nss_test1.os nss_test2.os nss_test_errno.os
 
 include ../Rules
 
@@ -166,19 +167,26 @@  rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver
 
 libof-nss_test1 = extramodules
 libof-nss_test2 = extramodules
+libof-nss_test_errno = extramodules
 $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps)
 	$(build-module)
 $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps)
 	$(build-module)
+$(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps)
+	$(build-module)
 $(objpfx)nss_test2.os : nss_test1.c
 # Use the nss_files suffix for these objects as well.
 $(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so
 	$(make-link)
 $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so
 	$(make-link)
+$(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \
+  $(objpfx)/libnss_test_errno.so
+	$(make-link)
 $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \
 	$(objpfx)/libnss_test1.so$(libnss_files.so-version) \
-	$(objpfx)/libnss_test2.so$(libnss_files.so-version)
+	$(objpfx)/libnss_test2.so$(libnss_files.so-version) \
+	$(objpfx)/libnss_test_errno.so$(libnss_files.so-version)
 
 ifeq (yes,$(have-thread-library))
 $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library)
@@ -194,3 +202,4 @@  LDFLAGS-tst-nss-test2 = -Wl,--disable-new-dtags
 LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags
 LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags
 LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags
+LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags
diff --git a/nss/nss_module.c b/nss/nss_module.c
index f9a1263e5a..4839448e35 100644
--- a/nss/nss_module.c
+++ b/nss/nss_module.c
@@ -330,9 +330,14 @@  name_search (const void *left, const void *right)
 void *
 __nss_module_get_function (struct nss_module *module, const char *name)
 {
+  /* A successful dlopen might clobber errno.   */
+  int saved_errno = errno;
+
   if (!__nss_module_load (module))
     return NULL;
 
+  __set_errno (saved_errno);
+
   function_name *name_entry = bsearch (name, nss_function_name_array,
                                        array_length (nss_function_name_array),
                                        sizeof (function_name), name_search);
diff --git a/nss/nss_test_errno.c b/nss/nss_test_errno.c
new file mode 100644
index 0000000000..680f8a07b9
--- /dev/null
+++ b/nss/nss_test_errno.c
@@ -0,0 +1,58 @@ 
+/* NSS service provider with errno clobber.
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <errno.h>
+#include <nss.h>
+#include <stdlib.h>
+
+/* Catch misnamed and functions.  */
+#pragma GCC diagnostic error "-Wmissing-prototypes"
+NSS_DECLARE_MODULE_FUNCTIONS (test_errno)
+
+static void __attribute__ ((constructor))
+init (void)
+{
+  /* An arbitrary error code which is otherwise not used.  */
+  errno = ELIBBAD;
+}
+
+/* Lookup functions for pwd follow that do not return any data.  */
+
+/* Catch misnamed function definitions.  */
+
+enum nss_status
+_nss_test_errno_setpwent (int stayopen)
+{
+  setenv ("_nss_test_errno_setpwent", "yes", 1);
+  return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status
+_nss_test_errno_getpwent_r (struct passwd *result,
+                            char *buffer, size_t size, int *errnop)
+{
+  setenv ("_nss_test_errno_getpwent_r", "yes", 1);
+  return NSS_STATUS_NOTFOUND;
+}
+
+enum nss_status
+_nss_test_errno_endpwent (void)
+{
+  setenv ("_nss_test_errno_endpwent", "yes", 1);
+  return NSS_STATUS_SUCCESS;
+}
diff --git a/nss/tst-nss-test_errno.c b/nss/tst-nss-test_errno.c
new file mode 100644
index 0000000000..d2c42dd363
--- /dev/null
+++ b/nss/tst-nss-test_errno.c
@@ -0,0 +1,61 @@ 
+/* getpwent failure when dlopen clobbers errno (bug 28953).
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <nss.h>
+#include <support/check.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <pwd.h>
+#include <string.h>
+
+static int
+do_test (void)
+{
+  __nss_configure_lookup ("passwd", "files test_errno");
+
+  errno = 0;
+  setpwent ();
+  TEST_COMPARE (errno, 0);
+
+  bool root_seen = false;
+  while (true)
+    {
+      errno = 0;
+      struct passwd *e = getpwent ();
+      if (e == NULL)
+        break;
+      if (strcmp (e->pw_name, "root"))
+        root_seen = true;
+    }
+
+  TEST_COMPARE (errno, 0);
+  TEST_VERIFY (root_seen);
+
+  errno = 0;
+  endpwent ();
+  TEST_COMPARE (errno, 0);
+
+  TEST_COMPARE_STRING (getenv ("_nss_test_errno_setpwent"), "yes");
+  TEST_COMPARE_STRING (getenv ("_nss_test_errno_getpwent_r"), "yes");
+  TEST_COMPARE_STRING (getenv ("_nss_test_errno_endpwent"), "yes");
+
+  return 0;
+}
+
+#include <support/test-driver.c>