The end*ent functions such as internal_endpwent call into the rest of glibc and other NSS modules, without saving errno around those calls. Since successful function calls can clobber errno, a critical ERANGE error can be masked, and the caller will not retry with a larger buffer, reporting a different error instead.
Patch posted: https://sourceware.org/pipermail/libc-alpha/2020-May/113864.html
Fixed for glibc 2.32 with: commit 790b8dda4455865cb8c3a47801f4304c1a43baf6 Author: Florian Weimer <fweimer@redhat.com> Date: Tue May 19 14:09:38 2020 +0200 nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976] During cleanup, before returning from get*_r functions, the end*ent calls must not change errno. Otherwise, an ERANGE error from the underlying implementation can be hidden, causing unexpected lookup failures. This commit introduces an internal_end*ent_noerror function which saves and restore errno, and marks the original internal_end*ent function as warn_unused_result, so that it is used only in contexts were errors from it can be handled explicitly. Reviewed-by: DJ Delorie <dj@redhat.com>