Bug 26258 - nss_compat should not read input files with mmap
Summary: nss_compat should not read input files with mmap
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: nss (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: 2.32
Assignee: Florian Weimer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-17 07:40 UTC by Florian Weimer
Modified: 2020-07-21 15:17 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2020-07-17 07:40:24 UTC 
nss_compat opens its input files like this, requesting the use of mmap from fopen:

      ent->stream = fopen ("/etc/group", "rme");

This may result in crashes if the files are truncated while reading.
Comment 1 Florian Weimer 2020-07-17 08:32:59 UTC 
Patch posted: https://sourceware.org/pipermail/libc-alpha/2020-July/116432.html
Comment 2 Florian Weimer 2020-07-21 15:17:06 UTC 
Fixed for glibc 2.32 via:

commit 23ed36735af09c258e542266aaed92cdd8571c6c
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jul 16 16:21:28 2020 +0200

    nss_compat: Do not use mmap to read database files (bug 26258)
    
    This avoids crashes in case the files are truncated for some reason.
    For typically file sizes, it is also going to be slightly faster.
    Using __nss_files_fopen instead mirrors what nss_files does.
    
    Tested-by: Carlos O'Donell <carlos@redhat.com>
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>