From patchwork Thu Mar 10 12:44:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 51852 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 7A802385800D for ; Thu, 10 Mar 2022 12:44:30 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7A802385800D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1646916270; bh=1X3nGv8bcbnJtVM2S7pYXg6SZI2WQ1FdzlFXO/xeZoc=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=OkfxGaEMhGJsdFpVS7GianHY/3xdhZ3H+myC56DoSKPUN4bvFXUdXdOWsxp9SRgQG +gdWNOTJDmW5JPWqLutuh8A5CrlmYuHh5j+gcsHmCXq9/1NJXNURdB1/lDXlk5Q2WA NvgVm6vVSbtHNOWAl2wiZW5d5O9FxYZWuXqMpTeA= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 2F6F53858C20 for ; Thu, 10 Mar 2022 12:44:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 2F6F53858C20 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-571-VFcBcWqfOmK81bgGl-QIuQ-1; Thu, 10 Mar 2022 07:44:08 -0500 X-MC-Unique: VFcBcWqfOmK81bgGl-QIuQ-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 80E6E1854E21 for ; Thu, 10 Mar 2022 12:44:07 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.88]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DAE8E8497A for ; Thu, 10 Mar 2022 12:44:06 +0000 (UTC) To: libc-alpha@sourceware.org Subject: [PATCH 1/2] nss: Do not mention NSS test modules in X-From-Line: 308dcd6582b5aad4446e70db9de9bf675b870471 Mon Sep 17 00:00:00 2001 Message-Id: <308dcd6582b5aad4446e70db9de9bf675b870471.1646916217.git.fweimer@redhat.com> Date: Thu, 10 Mar 2022 13:44:04 +0100 User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Florian Weimer via Libc-alpha From: Florian Weimer Reply-To: Florian Weimer Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" They are not actually installed. Hard-code the current soname for nss_files instead. --- nss/Makefile | 17 +++++++---------- shlib-versions | 5 ----- 2 files changed, 7 insertions(+), 15 deletions(-) base-commit: d653fd2d9ebe23c2b16b76edf717c5dbd5ce9b77 diff --git a/nss/Makefile b/nss/Makefile index 552e5d03e1..4125d13f87 100644 --- a/nss/Makefile +++ b/nss/Makefile @@ -171,24 +171,21 @@ $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps) $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps) $(build-module) $(objpfx)nss_test2.os : nss_test1.c -ifdef libnss_test1.so-version -$(objpfx)/libnss_test1.so$(libnss_test1.so-version): $(objpfx)/libnss_test1.so +# The .2 suffix comes from the nss_files version in shlib-versions. +$(objpfx)/libnss_test1.so.2: $(objpfx)/libnss_test1.so $(make-link) -endif -ifdef libnss_test2.so-version -$(objpfx)/libnss_test2.so$(libnss_test2.so-version): $(objpfx)/libnss_test2.so +$(objpfx)/libnss_test2.so.2: $(objpfx)/libnss_test2.so $(make-link) -endif $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \ - $(objpfx)/libnss_test1.so$(libnss_test1.so-version) \ - $(objpfx)/libnss_test2.so$(libnss_test2.so-version) + $(objpfx)/libnss_test1.so.2 \ + $(objpfx)/libnss_test2.so.2 ifeq (yes,$(have-thread-library)) $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library) endif -$(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so -$(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so +$(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so.2 +$(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so.2 # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS # functions can load testing NSS modules via DT_RPATH. diff --git a/shlib-versions b/shlib-versions index df6603e699..b87ab50c59 100644 --- a/shlib-versions +++ b/shlib-versions @@ -47,11 +47,6 @@ libnss_ldap=2 libnss_hesiod=2 libnss_db=2 -# Tests for NSS. They must have the same NSS_SHLIB_REVISION number as -# the rest. -libnss_test1=2 -libnss_test2=2 - # Version for libnsl with YP and NIS+ functions. libnsl=1 From patchwork Thu Mar 10 12:44:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 51853 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 962023857C69 for ; Thu, 10 Mar 2022 12:45:12 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 962023857C69 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1646916312; bh=GPw4y5zj0Ksd2jabWAWz5TVL8eT5Gn6qQmDCkV+iBBo=; h=To:Subject:In-Reply-To:References:Date:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=q8rm6fF5S6lifvwJIX5Rfdo47UutcZp0F996GJmF3xab9mWov2fK6rTSo47MrwiEH jrb9ie49uyl531jHOUhygbKp2ttCZOAsh8SwFmeFk2jPlDJlRTlzWQ1T6tfjPKbiwX VeOAR74e2jdMWsFJHfDfdAHbp9A1MXMFErl69o3s= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 5BA203858425 for ; Thu, 10 Mar 2022 12:44:30 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 5BA203858425 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-499-n5c5OG9GNDuZoSQLYxWm-g-1; Thu, 10 Mar 2022 07:44:27 -0500 X-MC-Unique: n5c5OG9GNDuZoSQLYxWm-g-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9AA7C1854E21 for ; Thu, 10 Mar 2022 12:44:26 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.88]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B2F137B5F0 for ; Thu, 10 Mar 2022 12:44:25 +0000 (UTC) To: libc-alpha@sourceware.org Subject: [PATCH 2/2] nss: Protect against errno changes in function lookup (bug 28953) In-Reply-To: <308dcd6582b5aad4446e70db9de9bf675b870471.1646916217.git.fweimer@redhat.com> References: <308dcd6582b5aad4446e70db9de9bf675b870471.1646916217.git.fweimer@redhat.com> X-From-Line: cd03ff6ef7f7aece02cbe5e2ee50991fae53ad19 Mon Sep 17 00:00:00 2001 Message-Id: Date: Thu, 10 Mar 2022 13:44:23 +0100 User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Florian Weimer via Libc-alpha From: Florian Weimer Reply-To: Florian Weimer Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" dlopen may clobber errno. The nss_test_errno module uses an ELF constructor to achieve that, but there could be internal errors during dlopen that cause this, too. Therefore, the NSS framework has to guard against such errno clobbers. __nss_module_get_function is currently the only function that calls __nss_module_load, so it is sufficient to save and restore errno around this call. Tested on i386-linux-gnu and x86_64-linux-gnu. --- nss/Makefile | 13 +++++++-- nss/nss_module.c | 5 ++++ nss/nss_test_errno.c | 58 ++++++++++++++++++++++++++++++++++++++++ nss/tst-nss-test_errno.c | 43 +++++++++++++++++++++++++++++ 4 files changed, 117 insertions(+), 2 deletions(-) create mode 100644 nss/nss_test_errno.c create mode 100644 nss/tst-nss-test_errno.c diff --git a/nss/Makefile b/nss/Makefile index 4125d13f87..1d166cd39e 100644 --- a/nss/Makefile +++ b/nss/Makefile @@ -60,7 +60,8 @@ tests = test-netdb test-digits-dots tst-nss-getpwent bug17079 \ tst-nss-test1 \ tst-nss-test2 \ tst-nss-test4 \ - tst-nss-test5 + tst-nss-test5 \ + tst-nss-test_errno xtests = bug-erange tests-container = \ @@ -132,7 +133,7 @@ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes)) ifeq ($(build-static-nss),yes) tests-static += tst-nss-static endif -extra-test-objs += nss_test1.os nss_test2.os +extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os include ../Rules @@ -166,16 +167,21 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver libof-nss_test1 = extramodules libof-nss_test2 = extramodules +libof-nss_test_errno = extramodules $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps) $(build-module) $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps) $(build-module) +$(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps) + $(build-module) $(objpfx)nss_test2.os : nss_test1.c # The .2 suffix comes from the nss_files version in shlib-versions. $(objpfx)/libnss_test1.so.2: $(objpfx)/libnss_test1.so $(make-link) $(objpfx)/libnss_test2.so.2: $(objpfx)/libnss_test2.so $(make-link) +$(objpfx)/libnss_test_errno.so.2: $(objpfx)/libnss_test_errno.so + $(make-link) $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \ $(objpfx)/libnss_test1.so.2 \ $(objpfx)/libnss_test2.so.2 @@ -194,3 +200,6 @@ LDFLAGS-tst-nss-test2 = -Wl,--disable-new-dtags LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags +LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags + +$(objpfx)tst-nss-test_errno.out: $(objpfx)/libnss_test_errno.so.2 diff --git a/nss/nss_module.c b/nss/nss_module.c index f9a1263e5a..4839448e35 100644 --- a/nss/nss_module.c +++ b/nss/nss_module.c @@ -330,9 +330,14 @@ name_search (const void *left, const void *right) void * __nss_module_get_function (struct nss_module *module, const char *name) { + /* A successful dlopen might clobber errno. */ + int saved_errno = errno; + if (!__nss_module_load (module)) return NULL; + __set_errno (saved_errno); + function_name *name_entry = bsearch (name, nss_function_name_array, array_length (nss_function_name_array), sizeof (function_name), name_search); diff --git a/nss/nss_test_errno.c b/nss/nss_test_errno.c new file mode 100644 index 0000000000..3a3c4e53a5 --- /dev/null +++ b/nss/nss_test_errno.c @@ -0,0 +1,58 @@ +/* NSS service provider with errno clobber. + Copyright (C) 2017-2022 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +/* Catch misnamed and functions. */ +#pragma GCC diagnostic error "-Wmissing-prototypes" +NSS_DECLARE_MODULE_FUNCTIONS (test_errno) + +static void __attribute__ ((constructor)) +init (void) +{ + /* An arbitrary error code which is otherwise not used. */ + errno = ELIBBAD; +} + +/* Lookup functions for pwd follow that do not return any data. */ + +/* Catch misnamed function definitions. */ + +enum nss_status +_nss_test_errno_setpwent (int stayopen) +{ + setenv ("_nss_test_errno_setpwent", "yes", 1); + return NSS_STATUS_SUCCESS; +} + +enum nss_status +_nss_test_errno_getpwent_r (struct passwd *result, + char *buffer, size_t size, int *errnop) +{ + setenv ("_nss_test_errno_getpwent_r", "yes", 1); + return NSS_STATUS_NOTFOUND; +} + +enum nss_status +_nss_test_errno_endpwent (void) +{ + setenv ("_nss_test_errno_endpwent", "yes", 1); + return NSS_STATUS_SUCCESS; +} diff --git a/nss/tst-nss-test_errno.c b/nss/tst-nss-test_errno.c new file mode 100644 index 0000000000..fae447b76f --- /dev/null +++ b/nss/tst-nss-test_errno.c @@ -0,0 +1,43 @@ +#include +#include +#include +#include +#include +#include +#include + +static int +do_test (void) +{ + __nss_configure_lookup ("passwd", "files test_errno"); + + errno = 0; + setpwent (); + TEST_COMPARE (errno, 0); + + bool root_seen = false; + while (true) + { + errno = 0; + struct passwd *e = getpwent (); + if (e == NULL) + break; + if (strcmp (e->pw_name, "root")) + root_seen = true; + } + + TEST_COMPARE (errno, 0); + TEST_VERIFY (root_seen); + + errno = 0; + endpwent (); + TEST_COMPARE (errno, 0); + + TEST_COMPARE_STRING (getenv ("_nss_test_errno_setpwent"), "yes"); + TEST_COMPARE_STRING (getenv ("_nss_test_errno_getpwent_r"), "yes"); + TEST_COMPARE_STRING (getenv ("_nss_test_errno_endpwent"), "yes"); + + return 0; +} + +#include