Hi, maintainer of the community, I found that null pointers were not protected in the following functions when I performed fault injection locally, causing Program terminated with signal SIGSEGV, Segmentation fault.

【log】:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f273d642e5d in __GI___nss_lookup_function (fct_name=0x7f273d6c54a1 "getpwuid_r", ni=<optimized out>) at nsswitch.c:136
136 if (ni->module == NULL)

【Here's my modified patch】:
diff --git a/nss/nss_module.c b/nss/nss_module.c index b28cb94a..bb2807e9 100644 --- a/nss/nss_module.c +++ b/nss/nss_module.c @@ -352,7 +352,7 @@ nss_load_all_libraries (enum nss_database service) { nss_action_list ni = NULL; - if (__nss_database_get (service, &ni)) + if (__nss_database_get (service, &ni) && ni != NULL) while (ni->module != NULL) { __nss_module_load (ni->module); diff --git a/nss/nsswitch.c b/nss/nsswitch.c index 6b7d4c78..c9d7e372 100644 --- a/nss/nsswitch.c +++ b/nss/nsswitch.c @@ -133,7 +133,7 @@ libc_hidden_def (__nss_next2) void * __nss_lookup_function (nss_action_list ni, const char *fct_name) { - if (ni->module == NULL) + if (ni == NULL || ni->module == NULL) return NULL; return __nss_module_get_function (ni->module, fct_name); }
-- Looking forward to your reply
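Review bot: In the nss/nss_module.c hunk, the added `&& ni != NULL` in `nss_load_all_libraries` guards against a state the hunk does not explain: `__nss_database_get (service, &ni)` reporting success while `ni` still holds its initial NULL. With the guard in place that state silently becomes "load nothing", so the underlying failure is hidden rather than handled. Please identify which injected fault leaves `ni` NULL after a successful return and fix or report it at that point, or at least state in the commit message why a caller-side check is the right place. Note also that the posted crash is in `__nss_lookup_function`, so this hunk is not shown to be on the failing path.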
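Review bot: In the nss/nsswitch.c hunk, `if (ni == NULL || ni->module == NULL) return NULL;` makes a null action list return the same value as the existing end-of-list case in `__nss_lookup_function`, so a caller cannot distinguish a database that failed to load from a lookup that simply found nothing. The check stops the dereference at line 136, but the patch does not say which caller passes a NULL `ni` or under which injected fault. Please add that to the commit message and consider rejecting the null list where it is produced, with an error the caller can see, instead of absorbing it here.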
Where exactly does the failure happen? When __nss_database_get returns successfully, the resulting action list should never be null.
(In reply to Andreas Schwab from comment #1)
> Where exactly does the failure happen? When __nss_database_get returns
> successfully, the resulting action list should never be null.

【This is the complete gdb information】:
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-openEuler-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from kinit...
Reading symbols from /usr/lib/debug//usr/bin/kinit-1.19.2-2.h11.eulerosv2r11.x86_64.debug...
[New LWP 52584]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib64/libthread_db.so.1".
Core was generated by `/usr/bin/kinit -R'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f273d642e5d in __GI___nss_lookup_function (fct_name=0x7f273d6c54a1 "getpwuid_r", ni=<optimized out>) at nsswitch.c:136
136 if (ni->module == NULL)
(gdb) bt
#0 0x00007f273d642e5d in __GI___nss_lookup_function (fct_name=0x7f273d6c54a1 "getpwuid_r", ni=<optimized out>) at nsswitch.c:136
#1 __GI___nss_lookup (ni=ni@entry=0x7ffdfb77b698, fct_name=fct_name@entry=0x7f273d6c54a1 "getpwuid_r", fct2_name=fct2_name@entry=0x0, fctp=fctp@entry=0x7ffdfb77b6a0) at nsswitch.c:68
#2 0x00007f273d6440f7 in __GI___nss_passwd_lookup2 (ni=ni@entry=0x7ffdfb77b698, fct_name=fct_name@entry=0x7f273d6c54a1 "getpwuid_r", fct2_name=fct2_name@entry=0x0, fctp=fctp@entry=0x7ffdfb77b6a0) at XXX-lookup.c:58
#3 0x00007f273d5e4090 in __getpwuid_r (uid=uid@entry=0, resbuf=resbuf@entry=0x7f273d705560 <resbuf>, buffer=0x55f15d3a90f0 "", buflen=buflen@entry=1024, result=result@entry=0x7ffdfb77b6f0) at ../nss/getXXbyYY_r.c:265
#4 0x00007f273d5e39c3 in getpwuid (uid=0) at ../nss/getXXbyYY.c:134
#5 0x000055f15c043d55 in get_name_from_os () at kinit.c:52
#6 k5_begin (k5=0x7ffdfb77b780, opts=0x7ffdfb77b830) at kinit.c:539
#7 main (argc=<optimized out>, argv=0x7ffdfb77b780) at kinit.c:885

When locating the upper-layer function __nss_lookup_function, it is not found that the input ni in the function is null.