| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calls to stpcpy from nscd netgroups code will have overlapping source
and destination when all three values in the returned triplet are
non-NULL and in the expected (host,user,domain) order. This is seen
in valgrind as:
==3181== Source and destination overlap in stpcpy(0x19973b48, 0x19973b48)
==3181== at 0x4C2F30A: stpcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3181== by 0x12567A: addgetnetgrentX (string3.h:111)
==3181== by 0x12722D: addgetnetgrent (netgroupcache.c:665)
==3181== by 0x11114C: nscd_run_worker (connections.c:1338)
==3181== by 0x4E3C102: start_thread (pthread_create.c:309)
==3181== by 0x59B81AC: clone (clone.S:111)
==3181==
Fix this by using memmove instead of stpcpy.
(cherry picked from commit ea7d8b95e2fcb81f68b04ed7787a3dbda023991a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nscd works correctly when the request in innetgr is a wildcard,
i.e. when one or more of host, user or domain parameters is NULL.
However, it does not work when the the triplet in the netgroup
definition has a wildcard. This is easy to reproduce for a triplet
defined as follows:
foonet (,foo,)
Here, an innetgr call that looks like this:
innetgr ("foonet", "foohost", "foo", NULL);
should succeed and so should:
innetgr ("foonet", NULL, "foo", "foodomain");
It does succeed with nscd disabled, but not with nscd enabled. This
fix adds this additional check for all three parts of the triplet so
that it gives the correct result.
[BZ #16758]
* nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
blank values.
(cherry picked from commit fbd6b5a4052316f7eb03c4617eebfaafc59dcc06)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL
(with errno as ERANGE) when the supplied buffer does not have
sufficient space for the result. This is wrong, because the canonical
way to indicate insufficient buffer is to set the errno to ERANGE and
the status to NSS_STATUS_TRYAGAIN, as is used by all other modules.
This fixes nscd behaviour when the nss_ldap module returns
NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to
fit into the supplied buffer.
(cherry picked from commit c3ec475c5dd16499aa040908e11d382c3ded9692)
Conflicts:
NEWS
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The buffer to query netgroup entries is allocated sufficient space for
the netgroup entries and the key to be appended at the end, but it
sends in an incorrect available length to the NSS netgroup query
functions, resulting in overflow of the buffer in some special cases.
The fix here is to factor in the key length when sending the available
buffer and buffer length to the query functions.
(cherry picked from commit c44496df2f090a56d3bf75df930592dac6bba46f)
Conflicts:
NEWS
|
|
|
|
|
|
| |
Using a buffer after it has been reallocated is undefined behaviour,
so get offsets of the triplets in the old buffer before reallocating
it.
|
|
|
|
|
|
|
|
|
| |
The _nss_*_getnetgrent_r query populates the netgroup results in the
allocated buffer and then sets the result triplet to point to strings
in the buffer. This is a problem when the buffer is reallocated since
the pointers to the triplet strings are no longer valid. The pointers
need to be adjusted so that they now point to strings in the
reallocated buffer.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
addgetnetgrentX has a buffer which is grown as per the needs of the
requested size either by using alloca or by falling back to malloc if
the size is larger than 1K. There are two problems with the alloca
bits: firstly, it doesn't really extend the buffer since it does not
use the return value of the extend_alloca macro, which is the location
of the reallocated buffer. Due to this the buffer does not actually
extend itself and hence a subsequent write may overwrite stuff on the
stack.
The second problem is more subtle - the buffer growth on the stack is
discontinuous due to block scope local variables. Combine that with
the fact that unlike realloc, extend_alloca does not copy over old
content and you have a situation where the buffer just has garbage in
the space where it should have had data.
This could have been fixed by adding code to copy over old data
whenever we call extend_alloca, but it seems unnecessarily
complicated. This code is not exactly a performance hotspot (it's
called when there is a cache miss, so factors like network lookup or
file reads will dominate over memory allocation/reallocation), so this
premature optimization is unnecessary.
Thanks Brad Hubbard <bhubbard@redhat.com> for his help with debugging
the problem.
|
|
|
|
|
|
| |
Usage output for option --invalidate=TABLE is not helpful without
list of tables. The list is also missing from nscd(8) manual which
made it pretty difficult to know what are the tables.
|
|
|
|
|
|
|
| |
nscd incorrectly returns a success even when the netgroup in question
is not found and adds a positive result in the cache. this patch
fixes this behaviour by adding a negative lookup entry to cache and
returning an error when the netgroup is not found.
|
|
|
|
|
|
|
|
|
| |
Currently, when a user looks up a netgroup that does not have any
members, nscd goes into an infinite loop trying to find members in the
group. This is because it does not handle cases when getnetgrent
returns an NSS_STATUS_NOTFOUND (which is what it does on empty group).
Fixed to handle this in the same way as NSS_STATUS_RETURN, similar to
what getgrent does by itself.
|
|
|
|
| |
Update copyright years that are not handled by scripts/update-copyright.
|
| |
|
|
|
|
| |
Provide an example systemd unit and tmpfile for running nscd.
|
| |
|
|
|
|
|
|
|
| |
Autoconf has been deprecating configure.in for quite a long time.
Rename all our configure.in and preconfigure.in files to .ac.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
| |
|
|
|
|
| |
Fixes unclosed '{' if HAVE_SENDFILE is defined (BZ #15895).
|
| |
|
|
|
|
| |
Fixes BZ #15890.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
These prototypes are duplicated in many places. Add a dedicated
header for holding prototypes for program-specific functions to
avoid that.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
We refactor the inotify file checking code and the
database clearing code out of the main_loop_poll and
mail_loop_epoll functions. We document some the related
functions with appropriate comments.
|
| |
|
|
|
|
| |
This reverts commit dd31ac7a8e0d4cc24eee6815f9101caa5aa64291.
|
|
|
|
| |
This reverts commit 70d3e06ed0ffabb6ce974cc94b2cff1d67252193.
|
|
|
|
| |
This reverts commit 7e9b080575fd68c788c33623594ba5516fa7ceb0.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* nscd/grpcache.c (cache_addgr): Properly check for short write.
* nscd/initgrcache.c (addinitgroupsX): Likewise.
* nscd/pwdcache.c (cache_addpw): Likewise.
* nscd/servicescache.c (cache_addserv): Likewise. Don't write
more than recsize.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* catgets/gencat.c: Update copyright year.
* csu/version.c: Likewise.
* debug/catchsegv.sh: Likewise.
* debug/pcprofiledump.c: Likewise.
* debug/xtrace.sh: Likewise.
* elf/ldconfig.c: Likewise.
* elf/ldd.bash.in: Likewise.
* elf/pldd.c: Likewise.
* elf/sotruss.ksh: Likewise.
* elf/sprof.c: Likewise.
* iconv/iconv_prog.c: Likewise.
* iconv/iconvconfig.c: Likewise.
* locale/programs/locale.c: Likewise.
* locale/programs/localedef.c: Likewise.
* login/programs/pt_chown.c: Likewise.
* malloc/memusage.sh: Likewise.
* malloc/memusagestat.c: Likewise.
* malloc/mtrace.pl: Likewise.
* nscd/nscd.c: Likewise.
* nss/getent.c: Likewise.
* nss/makedb.c: Likewise.
* posix/getconf.c: Likewise.
|
|
|
|
|
|
| |
* nscd/grpcache.c (cache_addgr): Rename alloca_used to
dataset_temporary. Track alloca usage into alloca_used.
If dataset is large allocate and release it via malloc/free.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 61653dfb81b776bb72ce4304175b861d77c357a8 added support for
compilers predefining _FORTIFY_SOURCE by adding -U_FORTIFY_SOURCE to
CPPFLAGS for these compilers, but that change doesn't work quite well in
case of nscd: its Makefile sets _FORTIFY_SOURCE using CFLAGS instead of
CPPFLAGS and, thanks to compilation rules defined in Makerules, CPPFLAGS
are passed to compiler after CFLAGS, resulting to a build with
_FORTIFY_SOURCE turned off.
This change implements a more safe method of passing preprocessor and
compiler flags so that no nscd modules could be accidentally forgotten.
|
|
|
|
| |
for USE_NSCD case.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2012-05-15 Jeff Law <law@redhat.com>
Andreas Jaeger <aj@suse.de>
[BZ #13594]
* nscd/nscd-client.h (__nscd_acquire_maplock): New function, split
out from...
* nscd/nscd_helper.c (__nscd_get_map_ref): ... here.
* nscd/nscd-client.h: Add __nscd_acquire_maplock.
* nscd/nscd_gethst_r.c (__nscd_get_nl_timestamp): Add locking to
code changing __hst_map_handle.map.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
2012-05-09 Andreas Jaeger <aj@suse.de>
* nscd/nscd.c (run_modes): Make named enum, reorder so that
default is first entry.
(run_mode): Set type.
(main): Remove informal message about syslog.
(options): Fix typo.
|
|
|
|
|
| |
* nscd/nscd.c (run_mode): Use enum.
(main): Cleanup coding style issue.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For a better integration of nscd with systemd, we should run nscd not as
daemon but in the foreground. A new --foreground option should be added.
2012-05-09 Alexandre Oliva <aoliva@redhat.com>
Andreas Jaeger <aj@suse.de>
* nscd/nscd.c (go_background): Replaced with...
(run_mode): ... this.
(RUN_FOREGROUND, RUN_DAEMONIZE, RUN_DEBUG): Add.
(options): Add -F --foreground.
(main): Implement it.
(parse_opt): Parse it.
|