Bug 2114

Summary: nscd crashes all the time
Product: glibc
Reporter: Dirk Mueller <dmueller>
Component: nscd
Assignee: Ulrich Drepper <drepper.fsp>
Status: RESOLVED FIXED
Severity: critical
CC: glibc-bugs
Priority: P2
Flags: fweimer: security-
Version: unspecified
Target Milestone: ---
Host: i686-pc-linux-gnu
Target:
Build:
Last reconfirmed:
Attachments: the fix

Description Dirk Mueller 2006-01-06 17:21:16 UTC
nscd crashes all the time when SENDFILE support is enabled. The reason is that
it tries to sendfile() data that hasn't been allocated in the mmap area but on
the stack. Also, there is apparently an error in the assert().

Patch below.
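
The failure mode in the description, as an added example that is not part of the bug report or of glibc: sendfile() can only transmit bytes that live in the file behind the mapping, so a reply built on the stack has to go out with write(). `struct mapped_db`, `db_offset_of`, `send_reply` and `demo` are hypothetical names, and the temporary file is a constructed stand-in for the cache file.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/sendfile.h>
#include <unistd.h>

/* Hypothetical stand-in for a file-backed cache mapping (not nscd's struct). */
struct mapped_db { int fd; char *base; size_t size; };

/* File offset of [buf, buf+len) if it lies wholly inside the mapping,
   -1 otherwise (e.g. an alloca()/stack buffer). Ordered to avoid overflow. */
off_t db_offset_of(const struct mapped_db *db, const void *buf, size_t len)
{
    uintptr_t b = (uintptr_t) db->base, p = (uintptr_t) buf;
    if (p < b || p - b > db->size || len > db->size - (p - b))
        return -1;
    return (off_t) (p - b);
}

/* Zero-copy only when the bytes really are in the backing file. */
ssize_t send_reply(const struct mapped_db *db, int out, const void *buf, size_t len)
{
    off_t off = db_offset_of(db, buf, len);
    if (off >= 0)
        return sendfile(out, db->fd, &off, len);
    return write(out, buf, len);          /* not in the file: copy instead */
}

/* Constructed demo: send one mapped and one stack reply through a pipe.
   Returns 0 when both arrive intact. */
int demo(void)
{
    FILE *f = tmpfile();
    int p[2];
    char in[8] = {0}, stack_reply[] = "STK";
    if (!f || ftruncate(fileno(f), 4096) || pipe(p)) return -1;
    struct mapped_db db = { fileno(f), NULL, 4096 };
    db.base = mmap(NULL, db.size, PROT_READ | PROT_WRITE, MAP_SHARED, db.fd, 0);
    if (db.base == MAP_FAILED) return -1;
    memcpy(db.base + 100, "MAP", 3);      /* reply stored in the cache file */
    if (send_reply(&db, p[1], db.base + 100, 3) != 3) return 1;
    if (send_reply(&db, p[1], stack_reply, 3) != 3) return 2;
    if (read(p[0], in, 6) != 6) return 3;
    return memcmp(in, "MAPSTK", 6) ? 4 : 0;
}

int main(void) { return demo(); }
```
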
Comment 1 Dirk Mueller 2006-01-06 17:23:04 UTC
Created attachment 817
the fix
Comment 2 Ulrich Drepper 2006-01-06 19:15:13 UTC
I've applied the additions to the if expressions.  But what problems do you have
with the asserts?  Using the data member is a more restrictive test and should
be correct unless I miss something at the moment.

And further: if the alloca use fits you "all the time" your setup is completely
screwed since your cache files are too small.
Comment 3 Dirk Mueller 2006-01-08 17:52:32 UTC
No, it also happens if somebody requests stuff that can't be cached by nscd,
like for example RR DNS and similar. That's not necessarily a configuration
problem.

I agree that the assert() should be more restrictive as it is, but it looks
inconsistent and quite confusing. Either the 2nd one should be changed like in
the patch, or an additional assert (db->data > db->head) should be added. Or
the 3rd one could most likely be changed to refer to db->data as well instead
of db->head like it does now. Would make the expression even simpler as well.

Whatever you prefer, right now the asserts are pretty inconsistent though.
 
Comment 4 Ulrich Drepper 2006-01-10 00:25:08 UTC
No reply, I'm closing the bug because I think it is correct.
Comment 5 Christophe Saout 2006-02-23 23:38:54 UTC
The asserts seem to be failing again in the 20060207 version:

nscd: hstcache.c:341: cache_addhst: Zusicherung »(char *) &dataset->resp - (char
*) db->head + total <= (sizeof (struct database_pers_head) + db->head->module *
sizeof (ref_t) + db->head->data_size)« nicht erfüllt.

after being started for about a minute with lots of host name lookups.

It seems to work on x86 though, and it's quickly failing on two x86_64 machines.
I'm using nss_ldap.

(please reopen or tell me to file a new bug if this is really a new bug)
Comment 6 Christophe Saout 2006-03-05 10:34:00 UTC
... stopped crashing with update of nss_ldap, so ignore this.