nss_db: protect against empty mappings
Commit Message
"Carlos O'Donell" <carlos@redhat.com> writes:
> Merge the fixes then.
Subject: nss_db: fix endent wrt NULL mappings
nss_db allows for getpwent et al to be called without a set*ent,
but it only works once. After the last get*ent a set*ent is
required to restart, because the end*ent did not properly reset
the module. Resetting it to NULL allows for a proper restart.
If the database doesn't exist, however, end*ent erroniously called
munmap which set errno.
The test case runs "makedb" inside the testroot, so needs selinux
DSOs installed.
Resolves: #24695
Resolves: #24696
2019-06-17 DJ Delorie <dj@redhat.com>
Sergei Trofimovich <slyfox@inbox.ru>
[BZ #24696]
[BZ #24695]
* nss/nss_db/db-open.c (internal_endent): Protect against NULL
mappings.
* nss/tst-nss-db-endgrent.c: New.
* nss/tst-nss-db-endgrent.root: New.
* nss/tst-nss-db-endpwent.c: New.
* nss/tst-nss-db-endpwent.root: New.
* nss/Makefile: Add new tests.
* support/links-dso-program-c.c: Add selinux dependency.
* support/links-dso-program.cc: Add selinux dependency.
* support/Makefile: Build those with -lselinux if enabled.
Comments
* DJ Delorie:
> "Carlos O'Donell" <carlos@redhat.com> writes:
>> Merge the fixes then.
>
> Subject: nss_db: fix endent wrt NULL mappings
>
> nss_db allows for getpwent et al to be called without a set*ent,
> but it only works once. After the last get*ent a set*ent is
> required to restart, because the end*ent did not properly reset
> the module. Resetting it to NULL allows for a proper restart.
>
> If the database doesn't exist, however, end*ent erroniously called
> munmap which set errno.
>
> The test case runs "makedb" inside the testroot, so needs selinux
> DSOs installed.
>
> Resolves: #24695
> Resolves: #24696
You need to add “[BZ #24695]” or “bug 24695” to the commit message, the
above will not work. If you can squeeze both numbers into the first
line, that's best.
> + /* Before the fix, this would call munmap(NULL) and set errno. */
Missing space before parenthesis.
> + /* setpwent() is intentionally omitted here. The first call to
> + getpwent detects that it's first and initializes. The second
> + time try_it is called, this "first call" was not detected before
> + the fix, and getpwent would crash. */
GNU style is not to write () after function names.
> + while ((pw = getpwent ()) != NULL)
> + ;
> +
> + endpwent ();
Would it be possible to add error checking here?
> + system ("/usr/bin/makedb -o /var/db/passwd.db /var/db/passwd.in");
I think you need to use the actual installation path, not /usr/bin.
Thanks,
Florian
On 6/18/19 2:12 AM, Florian Weimer wrote:>> + system ("/usr/bin/makedb -o /var/db/passwd.db /var/db/passwd.in")
> I think you need to use the actual installation path, not /usr/bin.
Correct, you need support_bindir_prefix[].
The /var/db is not configurable, so it can remain static.
@@ -61,7 +61,9 @@ xtests = bug-erange
tests-container = \
tst-nss-test3 \
- tst-nss-files-hosts-long
+ tst-nss-files-hosts-long \
+ tst-nss-db-endpwent \
+ tst-nss-db-endgrent
# Tests which need libdl
ifeq (yes,$(build-shared))
@@ -63,5 +63,9 @@ internal_setent (const char *file, struct nss_db_map *mapping)
void
internal_endent (struct nss_db_map *mapping)
{
- munmap (mapping->header, mapping->len);
+ if (mapping->header != NULL)
+ {
+ munmap (mapping->header, mapping->len);
+ mapping->header = NULL;
+ }
}
new file mode 100644
@@ -0,0 +1,50 @@
+/* Test for endgrent changing errno. BZ #24696
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <support/check.h>
+#include <support/support.h>
+
+
+static int
+do_test (void)
+{
+ /* Just make sure it's not there, although usually it won't be. */
+ unlink ("/var/db/group.db");
+
+ /* This, in conjunction with the testroot's nsswitch.conf, causes
+ the nss_db module to be "connected" and initialized - but the
+ testroot has no group.db, so no mapping will be created. */
+ getgrent ();
+
+ errno = 0;
+
+ /* Before the fix, this would call munmap(NULL) and set errno. */
+ endgrent ();
+
+ if (errno != 0)
+ FAIL_EXIT1 ("endgrent set errno to %d\n", errno);
+
+ return 0;
+}
+#include <support/test-driver.c>
new file mode 100644
@@ -0,0 +1 @@
+group : db files
new file mode 100644
@@ -0,0 +1,50 @@
+/* Test for endpwent->getpwent crash. BZ #24695
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <pwd.h>
+
+#include <support/check.h>
+
+static void
+try_it (void)
+{
+ struct passwd *pw;
+
+ /* setpwent() is intentionally omitted here. The first call to
+ getpwent detects that it's first and initializes. The second
+ time try_it is called, this "first call" was not detected before
+ the fix, and getpwent would crash. */
+
+ while ((pw = getpwent ()) != NULL)
+ ;
+
+ endpwent ();
+}
+
+static int
+do_test (void)
+{
+ system ("/usr/bin/makedb -o /var/db/passwd.db /var/db/passwd.in");
+ try_it ();
+ try_it ();
+
+ return 0;
+}
+#include <support/test-driver.c>
new file mode 100644
@@ -0,0 +1 @@
+passwd: db
new file mode 100644
@@ -0,0 +1,4 @@
+.root root:x:0:0:root:/root:/bin/bash
+=0 root:x:0:0:root:/root:/bin/bash
+.bin bin:x:1:1:bin:/bin:/sbin/nologin
+=1 bin:x:1:1:bin:/bin:/sbin/nologin
@@ -191,6 +191,11 @@ LINKS_DSO_PROGRAM = links-dso-program
LDLIBS-links-dso-program = -lstdc++ -lgcc -lgcc_s $(libunwind)
endif
+ifeq (yes,$(have-selinux))
+LDLIBS-$(LINKS_DSO_PROGRAM) += -lselinux
+endif
+
+
LDLIBS-test-container = $(libsupport)
others += test-container
@@ -1,9 +1,18 @@
#include <stdio.h>
+/* makedb needs selinux dso's. */
+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+int sel;
+#endif
+
int
main (int argc, char **argv)
{
/* Complexity to keep gcc from optimizing this away. */
printf ("This is a test %s.\n", argc > 1 ? argv[1] : "null");
+#ifdef HAVE_SELINUX
+ sel = is_selinux_enabled ();
+#endif
return 0;
}
@@ -1,5 +1,11 @@
#include <iostream>
+/* makedb needs selinux dso's. */
+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+int sel;
+#endif
+
using namespace std;
int
@@ -7,5 +13,8 @@ main (int argc, char **argv)
{
/* Complexity to keep gcc from optimizing this away. */
cout << (argc > 1 ? argv[1] : "null");
+#ifdef HAVE_SELINUX
+ sel = is_selinux_enabled ();
+#endif
return 0;
}