This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] Fix nss_db crash when db contains exactly one entry

From: Siddhesh Poyarekar <siddhesh at redhat dot com>
To: libc-alpha at sourceware dot org
Date: Tue, 27 Nov 2012 21:13:39 +0530
Subject: [PATCH] Fix nss_db crash when db contains exactly one entry

Hi,

It looks like the hashtable size calculation in nssdb is buggy, since
it returns a hashtable of size 1 when a database has just one entry.
This is easy to reproduce with the following:

* Have exactly one user associated with another group, i.e. exactly
  one line of the type:

mail:x:12:postfix

* Ensure that db is queried first for groups:

cat /etc/nsswitch.conf:

...
passwd:     files
shadow:     files
group:      db files
...

* Make the nssdb:

cd /var/db && make

* Start nscd -d and watch it crash

The crash is inside nssdb and hence with the above configuration,
programs throughout the system will eventually start crashing (sshd,
systemd/init, etc.).  Attached patch ensures that makedb sets the
hashtable size to a prime greater than 3, which is sufficient for the
way the hashtable is populated.

I've verified that this fixes the crash on an F18 test system
(2.16.x).  OK to check-in?

Siddhesh

ChangeLog:

	* nss/makedb.c (is_prime): Ensure that CANDIDATE is greater
        than 3.

Attachment: glibc-test.patch
Description: Text document

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]