From patchwork Thu Nov 13 21:52:29 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexandre Oliva X-Patchwork-Id: 3720 Received: (qmail 4115 invoked by alias); 13 Nov 2014 21:52:45 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 4102 invoked by uid 89); 13 Nov 2014 21:52:44 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.5 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD, SPF_HELO_PASS, SPF_PASS autolearn=ham version=3.3.2 X-HELO: mx1.redhat.com From: Alexandre Oliva To: libc-alpha@sourceware.org Subject: BZ#14498: fix infinite loop in nss_db_getservbyname Date: Thu, 13 Nov 2014 19:52:29 -0200 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux) MIME-Version: 1.0 nss_db uses nss_files code for services, but a continue on protocol mismatch that doesn't affect nss_files skipped the code that advanced to the next db entry. Any one of these changes would suffice to fix it, but fixing both makes them both safer to reuse elsewhere. Regression tested on x86_64-linux-gnu. Ok to install? for ChangeLog [BZ #14498] * NEWS: Fixed. * nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx after parsing line but before break_if_match. * nss/nss_files/files-service (DB_LOOKUP): Don't "continue;" if there is a protocol mismatch. --- NEWS | 8 ++++---- nss/nss_db/db-XXX.c | 9 ++++++--- nss/nss_files/files-service.c | 7 +++++-- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index 918b4a1..9ed697c 100644 --- a/NEWS +++ b/NEWS @@ -9,10 +9,10 @@ Version 2.21 * The following bugs are resolved with this release: - 6652, 12926, 14132, 14138, 14171, 15215, 15884, 17266, 17344, 17363, - 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, - 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, - 17589. + 6652, 12926, 14132, 14138, 14171, 14498, 15215, 15884, 17266, 17344, + 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, + 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, + 17585, 17589. * New locales: tu_IN, bh_IN. diff --git a/nss/nss_db/db-XXX.c b/nss/nss_db/db-XXX.c index 89b1a12..e950887 100644 --- a/nss/nss_db/db-XXX.c +++ b/nss/nss_db/db-XXX.c @@ -191,6 +191,12 @@ enum nss_status \ char *p = memcpy (buffer, valstr, len); \ \ int err = parse_line (p, result, data, buflen, errnop EXTRA_ARGS); \ + \ + /* Advance before break_if_match, lest it uses continue to skip + to the next entry. */ \ + if ((hidx += hval2) >= header->dbs[i].hashsize) \ + hidx -= header->dbs[i].hashsize; \ + \ if (err > 0) \ { \ status = NSS_STATUS_SUCCESS; \ @@ -203,9 +209,6 @@ enum nss_status \ status = NSS_STATUS_TRYAGAIN; \ break; \ } \ - \ - if ((hidx += hval2) >= header->dbs[i].hashsize) \ - hidx -= header->dbs[i].hashsize; \ } \ \ if (status == NSS_STATUS_NOTFOUND) \ diff --git a/nss/nss_files/files-service.c b/nss/nss_files/files-service.c index 2401cb0..c28c62f 100644 --- a/nss/nss_files/files-service.c +++ b/nss/nss_files/files-service.c @@ -44,8 +44,11 @@ DB_LOOKUP (servbyname, ':', { /* Must match both protocol (if specified) and name. */ if (proto != NULL && strcmp (result->s_proto, proto)) - continue; - LOOKUP_NAME (s_name, s_aliases) + /* A continue statement here breaks nss_db, because it + bypasses advancing to the next db entry, and it + doesn't make nss_files any more efficient. */; + else + LOOKUP_NAME (s_name, s_aliases) }, const char *name, const char *proto)