Summary: | FAIL: nss/bug17079 due to _nss_sss_getpwuid_r | ||
---|---|---|---|
Product: | glibc | Reporter: | H.J. Lu <hjl.tools> |
Component: | nss | Assignee: | Not yet assigned to anyone <unassigned> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | carlos |
Priority: | P2 | Flags: | fweimer: security- |
Version: | 2.27 | ||
Target Milestone: | --- | ||
Host: | | Target: | |
Build: | | Last reconfirmed: | |
Description
H.J. Lu
2017-11-29 17:50:24 UTC
```
enum nss_status _nss_sss_getpwuid_r(uid_t uid, struct passwd *result,
                                    char *buffer, size_t buflen, int *errnop)
{
    struct sss_cli_req_data rd;
    struct sss_nss_pw_rep pwrep;
    uint8_t *repbuf;
    size_t replen, len;
    uint32_t num_results;
    enum nss_status nret;
    uint32_t user_uid;
    int ret;

    /* Caught once glibc passing in buffer == 0x0 */
    if (!buffer || !buflen) return ERANGE;
```

This is a bug in sssd. It can't return ERANGE since that's not a valid nss_status enumeration.

(In reply to Carlos O'Donell from comment #1)
> This is a bug in sssd. It can't return ERANGE since that's not a valid
> nss_status enumeration.

I'm going to file a bug upstream, and with Fedora.

In the meantime the eventual solution here will be to move this test to the containerized testing we are putting together, at that point it will be distinct from the /etc/nsswitch.conf on your system.

Therefore I think that this test case is simply going to fail until you get a fixed sssd through your distribution.
```
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff7a5a311 in __GI_abort () at abort.c:79
#2  0x00007ffff7a99c25 in __libc_message (action=action@entry=(do_abort | do_backtrace), fmt=fmt@entry=0x7ffff7b9a3a1 "%s") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff7a99c62 in __GI___libc_fatal (message=message@entry=0x7ffff7b9abef "illegal status in __nss_next") at ../sysdeps/posix/libc_fatal.c:191
#4  0x00007ffff7b36958 in __GI___nss_next2 (ni=ni@entry=0x7fffffffda70, fct_name=fct_name@entry=0x7ffff7b98f7f "getpwuid_r", fct2_name=fct2_name@entry=0x0, fctp=fctp@entry=0x7fffffffda78, status=status@entry=34, all_values=all_values@entry=0) at nsswitch.c:238
#5  0x00007ffff7ae3675 in __getpwuid_r (uid=0, resbuf=resbuf@entry=0x7fffffffdaf0, buffer=buffer@entry=0x607c30 "", buflen=buflen@entry=0, result=result@entry=0x7fffffffdae8) at ../nss/getXXbyYY_r.c:385
#6  0x0000000000401742 in test_one (item=item@entry=0x6041a0 <test_items>, buffer_size=buffer_size@entry=0, pad=pad@entry=0 '\000', padding_size=padding_size@entry=0) at bug17079.c:156
#7  0x000000000040195f in test_buffer_size (buffer_size=buffer_size@entry=0) at bug17079.c:202
#8  0x0000000000401b6c in do_test () at bug17079.c:221
#9  0x000000000040243b in support_test_main (argc=1, argv=0x7fffffffdd68, config=config@entry=0x7fffffffdc30) at support_test_main.c:349
#10 0x0000000000401491 in main (argc=<optimized out>, argv=<optimized out>) at ../support/test-driver.c:164
```

So we abort with 'illegal status in __nss_next' which is OK, since it shows the NSS DSO is broken.

I have confirmed I can fix this by patching sssd's client NSS DSO, and I'm going to submit the pull request to fix this.

Pull request filed with the fix.

https://pagure.io/SSSD/sssd/pull-request/3589

(In reply to Carlos O'Donell from comment #4)
> Pull request filed with the fix.
>
> https://pagure.io/SSSD/sssd/pull-request/3589

Now fixed in sssd master, and it should be going out to Fedora.

https://pagure.io/SSSD/sssd/c/c096972ff25f14a390a621851f4935901b908be8

I'm marking this RESOLVED/INVALID since this is not a glibc bug, but an sssd bug in the handling of invalid buffer pointers and sizes.
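The status convention discussed in this thread, as an added example that is not code from sssd, glibc or any commenter: an NSS lookup reports a too-small buffer by storing ERANGE through `errnop` and returning `NSS_STATUS_TRYAGAIN`, and a caller that range-checks the status rejects a raw errno value such as the `status=34` seen in frame #4. The names `lookup_buggy`, `lookup_fixed`, `status_is_valid`, `call_with_retry` and `NEEDED` are hypothetical, and the enum is a local copy of the values in glibc's `<nss.h>`.

```c
#include <errno.h>
#include <stddef.h>

/* Local copy of the status values from glibc's <nss.h>, so this builds anywhere. */
enum nss_status {
    NSS_STATUS_TRYAGAIN = -2, NSS_STATUS_UNAVAIL = -1, NSS_STATUS_NOTFOUND = 0,
    NSS_STATUS_SUCCESS = 1, NSS_STATUS_RETURN = 2
};
typedef enum nss_status (*lookup_fn)(char *buffer, size_t buflen, int *errnop);

#define NEEDED 16 /* constructed: bytes the demo lookup needs for its result */

/* NSS convention: the errno value goes through errnop, the status stays in range. */
enum nss_status lookup_fixed(char *buffer, size_t buflen, int *errnop)
{
    if (!buffer || buflen < NEEDED) { *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; }
    return NSS_STATUS_SUCCESS;
}

/* Pattern quoted in the report: an errno value is returned as the status. */
enum nss_status lookup_buggy(char *buffer, size_t buflen, int *errnop)
{
    if (!buffer || !buflen) return ERANGE;
    return lookup_fixed(buffer, buflen, errnop);
}

/* Model of the range check behind "illegal status in __nss_next". */
int status_is_valid(int status)
{
    return status >= NSS_STATUS_TRYAGAIN && status <= NSS_STATUS_RETURN;
}

/* Hypothetical caller: returns the buffer size that worked, -1 on an illegal
   status (where glibc aborts), -2 on any other failure. */
long call_with_retry(lookup_fn fn, size_t buflen)
{
    char buf[64];
    while (buflen <= sizeof buf) {
        int err = 0;
        int status = fn(buf, buflen, &err);
        if (!status_is_valid(status)) return -1;
        if (status == NSS_STATUS_SUCCESS) return (long)buflen;
        if (status != NSS_STATUS_TRYAGAIN || err != ERANGE) return -2;
        buflen = buflen ? buflen * 2 : 8;
    }
    return -2;
}
```

With a zero-length buffer, as in the failing test, the buggy variant is rejected at the status check, while the corrected variant lets the caller grow the buffer until the lookup succeeds.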