Bug 25976 - internal_end*ent in nss_compat may clobber errno, hiding ERANGE
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: nss
Version: unspecified
Importance: P2 normal
Target Milestone: 2.32
Assignee: Florian Weimer
Reported: 2020-05-12 11:48 UTC by Florian Weimer
Modified: 2020-05-19 12:20 UTC

fweimer: security-

Description Florian Weimer 2020-05-12 11:48:30 UTC
The end*ent functions such as internal_endpwent call into the rest of glibc and other NSS modules, without saving errno around those calls. Since successful function calls can clobber errno, a critical ERANGE error can be masked, and the caller will not retry with a larger buffer, reporting a different error instead.
Comment 1 Florian Weimer 2020-05-12 12:53:12 UTC
Patch posted: https://sourceware.org/pipermail/libc-alpha/2020-May/113864.html
Comment 2 Florian Weimer 2020-05-19 12:20:53 UTC
Fixed for glibc 2.32 with:

commit 790b8dda4455865cb8c3a47801f4304c1a43baf6
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue May 19 14:09:38 2020 +0200

    nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]
    
    During cleanup, before returning from get*_r functions, the end*ent
    calls must not change errno.  Otherwise, an ERANGE error from the
    underlying implementation can be hidden, causing unexpected lookup
    failures.  This commit introduces an internal_end*ent_noerror
    function which saves and restores errno, and marks the original
    internal_end*ent function as warn_unused_result, so that it is used
    only in contexts where errors from it can be handled explicitly.
    
    Reviewed-by: DJ Delorie <dj@redhat.com>
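
The failure mode and the save/restore pattern from the commit message, as an added example that is not glibc code and not part of the original report. All demo_* names and the sample record are hypothetical: demo_endent stands in for an internal_end*ent cleanup that succeeds but leaves errno changed, and demo_caller is a caller that retries with a larger buffer only when it sees ERANGE.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample record; not real account data. */
static const char demo_record[] = "demo:x:1000:1000::/home/demo:/bin/sh";

/* Hypothetical stand-in for internal_end*ent: the cleanup succeeds, but a
   call made along the way leaves errno changed. */
static int demo_endent(void) { errno = ENOENT; return 0; }

/* Save and restore errno around the cleanup, as the commit message describes. */
static void demo_endent_noerror(void)
{
    int saved_errno = errno;
    (void) demo_endent();
    errno = saved_errno;
}

/* get*_r-style lookup: returns -1 with errno = ERANGE when buf is too small. */
static int demo_lookup_r(char *buf, size_t buflen, int preserve_errno)
{
    int ret = 0;
    if (buflen < sizeof demo_record) { errno = ERANGE; ret = -1; }
    else memcpy(buf, demo_record, sizeof demo_record);
    if (preserve_errno) demo_endent_noerror();
    else (void) demo_endent();          /* cleanup without errno protection */
    return ret;
}

/* Caller retry loop: grow the buffer on ERANGE, give up on anything else.
   Returns 0 on success, otherwise the errno value that stopped the lookup. */
static int demo_caller(int preserve_errno)
{
    char buf[128];
    for (size_t len = 8; len <= sizeof buf; len *= 2) {
        if (demo_lookup_r(buf, len, preserve_errno) == 0)
            return 0;
        if (errno != ERANGE)
            return errno;       /* a masked ERANGE ends the retries here */
    }
    return ERANGE;
}

int main(void)
{
    printf("clobbered: %d, preserved: %d\n", demo_caller(0), demo_caller(1));
    return 0;
}
```

With the unprotected cleanup the caller stops on the first attempt with ENOENT even though a 64-byte buffer would have worked; with the errno-preserving wrapper it retries and succeeds.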