30151 – sgetsgent_r does not implement ERANGE protocol compatible with sgetsgent

Bug 30151 - sgetsgent_r does not implement ERANGE protocol compatible with sgetsgent

Summary: sgetsgent_r does not implement ERANGE protocol compatible with sgetsgent

Status:	ASSIGNED

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	nss (show other bugs)
Version:	2.38

Importance:	P2 normal
Target Milestone:	---
Assignee:	Florian Weimer

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-02-21 08:13 UTC by Florian Weimer
Modified:	2023-02-23 15:23 UTC (History)
CC List:	3 users (show)

See Also:	20338 https://bugzilla.redhat.com/show_bug.cgi?id=2172949
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Weimer 2023-02-21 08:13:08 UTC

The sgetsgent function checks errno for ERANGE, but sgetsgent_r only returns ERANGE, but does not set errno to ERANGE. As a result, sgetsgent does not detect failure at all, and returns indicating success without filling in the struct sgrp result.

This bug is somewhat similar in effect as bug 20338, but the root cause is quite different.

Comment 1 Florian Weimer 2023-02-21 08:13:41 UTC

Not labeling as a security bug because /etc/gshadow contents (to which this data relates) is trusted data.

Comment 2 Florian Weimer 2023-02-21 08:42:02 UTC

Patch posted:

[PATCH] gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug 30151)
<https://sourceware.org/pipermail/libc-alpha/2023-February/145752.html>