[glibc.git] / nscd / nscd_getserv_r.c

/* Copyright (C) 2007-2024 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */

#include <assert.h>
#include <errno.h>
#include <string.h>
#include <not-cancel.h>
#include <_itoa.h>
#include <stdint.h>

#include "nscd-client.h"
#include "nscd_proto.h"


int __nss_not_use_nscd_services;


static int nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
			   request_type type, struct servent *resultbuf,
			   char *buf, size_t buflen, struct servent **result);


int
__nscd_getservbyname_r (const char *name, const char *proto,
			struct servent *result_buf, char *buf, size_t buflen,
			struct servent **result)
{
  return nscd_getserv_r (name, strlen (name), proto, GETSERVBYNAME, result_buf,
			 buf, buflen, result);
}


int
__nscd_getservbyport_r (int port, const char *proto,
			struct servent *result_buf, char *buf, size_t buflen,
			struct servent **result)
{
  char portstr[3 * sizeof (int) + 2];
  portstr[sizeof (portstr) - 1] = '\0';
  char *cp = _itoa_word (port, portstr + sizeof (portstr) - 1, 10, 0);

  return nscd_getserv_r (cp, portstr + sizeof (portstr) - 1 - cp, proto,
			 GETSERVBYPORT, result_buf, buf, buflen, result);
}


libc_locked_map_ptr (, __serv_map_handle) attribute_hidden;
/* Note that we only free the structure if necessary.  The memory
   mapping is not removed since it is not visible to the malloc
   handling.  */
void
__nscd_serv_map_freemem (void)
{
  if (__serv_map_handle.mapped != NO_MAPPING)
    {
      void *p = __serv_map_handle.mapped;
      __serv_map_handle.mapped = NO_MAPPING;
      free (p);
    }
}


static int
nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
		request_type type, struct servent *resultbuf,
		char *buf, size_t buflen, struct servent **result)
{
  int gc_cycle;
  int nretries = 0;
  size_t alloca_used = 0;

  /* If the mapping is available, try to search there instead of
     communicating with the nscd.  */
  struct mapped_database *mapped;
  mapped = __nscd_get_map_ref (GETFDSERV, "services", &__serv_map_handle,
			       &gc_cycle);
  size_t protolen = proto == NULL ? 0 : strlen (proto);
  size_t keylen = critlen + 1 + protolen + 1;
  int alloca_key = __libc_use_alloca (keylen);
  char *key;
  if (alloca_key)
    key = alloca_account (keylen, alloca_used);
  else
    {
      key = malloc (keylen);
      if (key == NULL)
	return -1;
    }
  memcpy (__mempcpy (__mempcpy (key, crit, critlen),
		     "/", 1), proto ?: "", protolen + 1);

 retry:;
  const char *s_name = NULL;
  const char *s_proto = NULL;
  int alloca_aliases_len = 0;
  const uint32_t *aliases_len = NULL;
  const char *aliases_list = NULL;
  int retval = -1;
  const char *recend = (const char *) ~UINTMAX_C (0);
  int sock = -1;
  serv_response_header serv_resp;

  if (mapped != NO_MAPPING)
    {
      struct datahead *found = __nscd_cache_search (type, key, keylen, mapped,
						    sizeof serv_resp);

      if (found != NULL)
	{
	  s_name = (char *) (&found->data[0].servdata + 1);
	  serv_resp = found->data[0].servdata;
	  s_proto = s_name + serv_resp.s_name_len;
	  alloca_aliases_len = 1;
	  aliases_len = (uint32_t *) (s_proto + serv_resp.s_proto_len);
	  aliases_list = ((char *) aliases_len
			  + serv_resp.s_aliases_cnt * sizeof (uint32_t));
	  recend = (const char *) found->data + found->recsize;
	  /* Now check if we can trust serv_resp fields.  If GC is
	     in progress, it can contain anything.  */
	  if (mapped->head->gc_cycle != gc_cycle)
	    {
	      retval = -2;
	      goto out;
	    }
	  if (__builtin_expect ((const char *) aliases_len
				+ serv_resp.s_aliases_cnt * sizeof (uint32_t)
				> recend, 0))
	    goto out;

	  /* The aliases_len array in the mapped database might very
	     well be unaligned.  We will access it word-wise so on
	     platforms which do not tolerate unaligned accesses we
	     need to make an aligned copy.  */
	  if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1))
	      != 0)
	    {
	      uint32_t *tmp;
	      alloca_aliases_len
		= __libc_use_alloca (alloca_used
				     + (serv_resp.s_aliases_cnt
					* sizeof (uint32_t)));
	      if (alloca_aliases_len)
		tmp = alloca_account (serv_resp.s_aliases_cnt
				      * sizeof (uint32_t),
				      alloca_used);
	      else
		{
		  tmp = malloc (serv_resp.s_aliases_cnt * sizeof (uint32_t));
		  if (tmp == NULL)
		    {
		      retval = ENOMEM;
		      goto out;
		    }
		}
	      aliases_len = memcpy (tmp, aliases_len,
				    serv_resp.s_aliases_cnt
				    * sizeof (uint32_t));
	    }
	}
    }

  if (s_name == NULL)
    {
      sock = __nscd_open_socket (key, keylen, type, &serv_resp,
				 sizeof (serv_resp));
      if (sock == -1)
	{
	  __nss_not_use_nscd_services = 1;
	  goto out;
	}
    }

  /* No value found so far.  */
  *result = NULL;

  if (__glibc_unlikely (serv_resp.found == -1))
    {
      /* The daemon does not cache this database.  */
      __nss_not_use_nscd_services = 1;
      goto out_close;
    }

  if (serv_resp.found == 1)
    {
      char *cp = buf;
      uintptr_t align1;
      uintptr_t align2;
      size_t total_len;
      ssize_t cnt;
      int n;

      /* A first check whether the buffer is sufficiently large is possible.  */
      /* Now allocate the buffer the array for the group members.  We must
	 align the pointer and the base of the h_addr_list pointers.  */
      align1 = ((__alignof__ (char *) - ((uintptr_t) cp))
		& (__alignof__ (char *) - 1));
      align2 = ((__alignof__ (char *) - ((uintptr_t) (cp + align1 + serv_resp.s_name_len
					  + serv_resp.s_proto_len)))
		& (__alignof__ (char *) - 1));
      if (buflen < (align1 + serv_resp.s_name_len + serv_resp.s_proto_len
		    + align2
		    + (serv_resp.s_aliases_cnt + 1) * sizeof (char *)))
	{
	no_room:
	  __set_errno (ERANGE);
	  retval = ERANGE;
	  goto out_close;
	}
      cp += align1;

      /* Prepare the result as far as we can.  */
      resultbuf->s_aliases = (char **) cp;
      cp += (serv_resp.s_aliases_cnt + 1) * sizeof (char *);

      resultbuf->s_name = cp;
      cp += serv_resp.s_name_len;
      resultbuf->s_proto = cp;
      cp += serv_resp.s_proto_len + align2;
      resultbuf->s_port = serv_resp.s_port;

      if (s_name == NULL)
	{
	  struct iovec vec[2];

	  vec[0].iov_base = resultbuf->s_name;
	  vec[0].iov_len = serv_resp.s_name_len + serv_resp.s_proto_len;
	  total_len = vec[0].iov_len;
	  n = 1;

	  if (serv_resp.s_aliases_cnt > 0)
	    {
	      assert (alloca_aliases_len == 0);
	      alloca_aliases_len
		= __libc_use_alloca (alloca_used
				     + (serv_resp.s_aliases_cnt
					* sizeof (uint32_t)));
	      if (alloca_aliases_len)
		aliases_len = alloca_account (serv_resp.s_aliases_cnt
					      * sizeof (uint32_t),
					      alloca_used);
	      else
		{
		  aliases_len = malloc (serv_resp.s_aliases_cnt
					* sizeof (uint32_t));
		  if (aliases_len == NULL)
		    {
		      retval = ENOMEM;
		      goto out_close;
		    }
		}
	      vec[n].iov_base = (void *) aliases_len;
	      vec[n].iov_len = serv_resp.s_aliases_cnt * sizeof (uint32_t);

	      total_len += serv_resp.s_aliases_cnt * sizeof (uint32_t);
	      ++n;
	    }

	  if ((size_t) __readvall (sock, vec, n) != total_len)
	    goto out_close;
	}
      else
	memcpy (resultbuf->s_name, s_name,
		serv_resp.s_name_len + serv_resp.s_proto_len);

      /*  Now we also can read the aliases.  */
      total_len = 0;
      for (cnt = 0; cnt < serv_resp.s_aliases_cnt; ++cnt)
	{
	  resultbuf->s_aliases[cnt] = cp;
	  cp += aliases_len[cnt];
	  total_len += aliases_len[cnt];
	}
      resultbuf->s_aliases[cnt] = NULL;

      if (__builtin_expect ((const char *) aliases_list + total_len > recend,
			    0))
	{
	  /* aliases_len array might contain garbage during nscd GC cycle,
	     retry rather than fail in that case.  */
	  if (aliases_list != NULL && mapped->head->gc_cycle != gc_cycle)
	    retval = -2;
	  goto out_close;
	}

      /* See whether this would exceed the buffer capacity.  */
      if (__glibc_unlikely (cp > buf + buflen))
	{
	  /* aliases_len array might contain garbage during nscd GC cycle,
	     retry rather than fail in that case.  */
	  if (aliases_list != NULL && mapped->head->gc_cycle != gc_cycle)
	    {
	      retval = -2;
	      goto out_close;
	    }
	  goto no_room;
	}

      /* And finally read the aliases.  */
      if (aliases_list == NULL)
	{
	  if (total_len == 0
	      || ((size_t) __readall (sock, resultbuf->s_aliases[0], total_len)
		  == total_len))
	    {
	      retval = 0;
	      *result = resultbuf;
	    }
	}
      else
	{
	  memcpy (resultbuf->s_aliases[0], aliases_list, total_len);

	  /* Try to detect corrupt databases.  */
	  if (resultbuf->s_name[serv_resp.s_name_len - 1] != '\0'
	      || resultbuf->s_proto[serv_resp.s_proto_len - 1] != '\0'
	      || ({for (cnt = 0; cnt < serv_resp.s_aliases_cnt; ++cnt)
		     if (resultbuf->s_aliases[cnt][aliases_len[cnt] - 1]
			 != '\0')
		       break;
		   cnt < serv_resp.s_aliases_cnt; }))
	    {
	      /* We cannot use the database.  */
	      if (mapped->head->gc_cycle != gc_cycle)
		retval = -2;
	      goto out_close;
	    }

	  retval = 0;
	  *result = resultbuf;
	}
    }
  else
    {
      /* Set errno to 0 to indicate no error, just no found record.  */
      __set_errno (0);
      /* Even though we have not found anything, the result is zero.  */
      retval = 0;
    }

 out_close:
  if (sock != -1)
    __close_nocancel_nostatus (sock);
 out:
  if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
    {
      /* When we come here this means there has been a GC cycle while we
	 were looking for the data.  This means the data might have been
	 inconsistent.  Retry if possible.  */
      if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
	{
	  /* nscd is just running gc now.  Disable using the mapping.  */
	  if (atomic_fetch_add_relaxed (&mapped->counter, -1) == 1)
	    __nscd_unmap (mapped);
	  mapped = NO_MAPPING;
	}

      if (retval != -1)
	{
	  if (!alloca_aliases_len)
	    free ((void *) aliases_len);
	  goto retry;
	}
    }

  if (!alloca_aliases_len)
    free ((void *) aliases_len);
  if (!alloca_key)
    free (key);

  return retval;
}
Commit	Line	Data
dff8da6b	1	/* Copyright (C) 2007-2024 Free Software Foundation, Inc.
b21fa963	2	This file is part of the GNU C Library.
b21fa963 UD	3
	4	The GNU C Library is free software; you can redistribute it and/or
	5	modify it under the terms of the GNU Lesser General Public
	6	License as published by the Free Software Foundation; either
	7	version 2.1 of the License, or (at your option) any later version.
	8
	9	The GNU C Library is distributed in the hope that it will be useful,
	10	but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	12	Lesser General Public License for more details.
	13
	14	You should have received a copy of the GNU Lesser General Public
59ba27a6	15	License along with the GNU C Library; if not, see
5a82c748	16	<https://www.gnu.org/licenses/>. */
b21fa963	17
f2962a71	18	#include <assert.h>
b21fa963 UD	19	#include <errno.h>
	20	#include <string.h>
	21	#include <not-cancel.h>
eb96ffb0	22	#include <_itoa.h>
e054f494	23	#include <stdint.h>
b21fa963 UD	24
	25	#include "nscd-client.h"
	26	#include "nscd_proto.h"
	27
	28
	29	int __nss_not_use_nscd_services;
	30
	31
	32	static int nscd_getserv_r (const char crit, size_t critlen, const char proto,
	33	request_type type, struct servent *resultbuf,
	34	char buf, size_t buflen, struct servent *result);
	35
	36
	37	int
	38	__nscd_getservbyname_r (const char name, const char proto,
	39	struct servent result_buf, char buf, size_t buflen,
	40	struct servent **result)
	41	{
	42	return nscd_getserv_r (name, strlen (name), proto, GETSERVBYNAME, result_buf,
	43	buf, buflen, result);
	44	}
	45
	46
	47	int
	48	__nscd_getservbyport_r (int port, const char *proto,
	49	struct servent result_buf, char buf, size_t buflen,
	50	struct servent **result)
	51	{
	52	char portstr[3 * sizeof (int) + 2];
	53	portstr[sizeof (portstr) - 1] = '\0';
	54	char *cp = _itoa_word (port, portstr + sizeof (portstr) - 1, 10, 0);
	55
8ec3f656	56	return nscd_getserv_r (cp, portstr + sizeof (portstr) - 1 - cp, proto,
b21fa963 UD	57	GETSERVBYPORT, result_buf, buf, buflen, result);
	58	}
	59
	60
	61	libc_locked_map_ptr (, __serv_map_handle) attribute_hidden;
	62	/* Note that we only free the structure if necessary. The memory
	63	mapping is not removed since it is not visible to the malloc
	64	handling. */
88677348 AZN	65	void
88677348 AZN	66	__nscd_serv_map_freemem (void)
b21fa963 UD	67	{
	68	if (__serv_map_handle.mapped != NO_MAPPING)
	69	{
	70	void *p = __serv_map_handle.mapped;
	71	__serv_map_handle.mapped = NO_MAPPING;
	72	free (p);
	73	}
	74	}
	75
	76
	77	static int
	78	nscd_getserv_r (const char crit, size_t critlen, const char proto,
	79	request_type type, struct servent *resultbuf,
	80	char buf, size_t buflen, struct servent *result)
	81	{
	82	int gc_cycle;
	83	int nretries = 0;
f2962a71	84	size_t alloca_used = 0;
b21fa963 UD	85
	86	/* If the mapping is available, try to search there instead of
	87	communicating with the nscd. */
	88	struct mapped_database *mapped;
	89	mapped = __nscd_get_map_ref (GETFDSERV, "services", &__serv_map_handle,
	90	&gc_cycle);
	91	size_t protolen = proto == NULL ? 0 : strlen (proto);
	92	size_t keylen = critlen + 1 + protolen + 1;
f2962a71 UD	93	int alloca_key = __libc_use_alloca (keylen);
	94	char *key;
	95	if (alloca_key)
	96	key = alloca_account (keylen, alloca_used);
	97	else
	98	{
	99	key = malloc (keylen);
	100	if (key == NULL)
	101	return -1;
	102	}
b21fa963 UD	103	memcpy (__mempcpy (__mempcpy (key, crit, critlen),
	104	"/", 1), proto ?: "", protolen + 1);
	105
	106	retry:;
b21fa963 UD	107	const char *s_name = NULL;
b21fa963 UD	108	const char *s_proto = NULL;
f2962a71	109	int alloca_aliases_len = 0;
b21fa963 UD	110	const uint32_t *aliases_len = NULL;
	111	const char *aliases_list = NULL;
	112	int retval = -1;
	113	const char recend = (const char ) ~UINTMAX_C (0);
	114	int sock = -1;
1a77d37f JJ	115	serv_response_header serv_resp;
1a77d37f JJ	116
b21fa963 UD	117	if (mapped != NO_MAPPING)
b21fa963 UD	118	{
cfe1fc10 JJ	119	struct datahead *found = __nscd_cache_search (type, key, keylen, mapped,
cfe1fc10 JJ	120	sizeof serv_resp);
b21fa963 UD	121
	122	if (found != NULL)
	123	{
1a77d37f JJ	124	s_name = (char *) (&found->data[0].servdata + 1);
	125	serv_resp = found->data[0].servdata;
	126	s_proto = s_name + serv_resp.s_name_len;
c8fc0c91	127	alloca_aliases_len = 1;
1a77d37f	128	aliases_len = (uint32_t *) (s_proto + serv_resp.s_proto_len);
b21fa963	129	aliases_list = ((char *) aliases_len
1a77d37f JJ	130	+ serv_resp.s_aliases_cnt * sizeof (uint32_t));
	131	recend = (const char *) found->data + found->recsize;
	132	/* Now check if we can trust serv_resp fields. If GC is
	133	in progress, it can contain anything. */
	134	if (mapped->head->gc_cycle != gc_cycle)
	135	{
	136	retval = -2;
	137	goto out;
	138	}
3687a5a7 JJ	139	if (__builtin_expect ((const char *) aliases_len
	140	+ serv_resp.s_aliases_cnt * sizeof (uint32_t)
	141	> recend, 0))
	142	goto out;
b21fa963	143
b21fa963 UD	144	/* The aliases_len array in the mapped database might very
	145	well be unaligned. We will access it word-wise so on
	146	platforms which do not tolerate unaligned accesses we
	147	need to make an aligned copy. */
	148	if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1))
	149	!= 0)
	150	{
f2962a71 UD	151	uint32_t *tmp;
	152	alloca_aliases_len
	153	= __libc_use_alloca (alloca_used
	154	+ (serv_resp.s_aliases_cnt
	155	* sizeof (uint32_t)));
	156	if (alloca_aliases_len)
c8fc0c91 UD	157	tmp = alloca_account (serv_resp.s_aliases_cnt
	158	* sizeof (uint32_t),
	159	alloca_used);
f2962a71 UD	160	else
	161	{
	162	tmp = malloc (serv_resp.s_aliases_cnt * sizeof (uint32_t));
	163	if (tmp == NULL)
	164	{
	165	retval = ENOMEM;
	166	goto out;
	167	}
	168	}
b21fa963	169	aliases_len = memcpy (tmp, aliases_len,
1a77d37f	170	serv_resp.s_aliases_cnt
b21fa963 UD	171	* sizeof (uint32_t));
b21fa963 UD	172	}
b21fa963 UD	173	}
	174	}
	175
1a77d37f	176	if (s_name == NULL)
b21fa963	177	{
1a77d37f JJ	178	sock = __nscd_open_socket (key, keylen, type, &serv_resp,
1a77d37f JJ	179	sizeof (serv_resp));
b21fa963 UD	180	if (sock == -1)
	181	{
	182	__nss_not_use_nscd_services = 1;
	183	goto out;
	184	}
b21fa963 UD	185	}
	186
	187	/* No value found so far. */
	188	*result = NULL;
	189
a1ffb40e	190	if (__glibc_unlikely (serv_resp.found == -1))
b21fa963 UD	191	{
	192	/* The daemon does not cache this database. */
	193	__nss_not_use_nscd_services = 1;
	194	goto out_close;
	195	}
	196
1a77d37f	197	if (serv_resp.found == 1)
b21fa963 UD	198	{
	199	char *cp = buf;
	200	uintptr_t align1;
	201	uintptr_t align2;
	202	size_t total_len;
	203	ssize_t cnt;
	204	int n;
	205
	206	/* A first check whether the buffer is sufficiently large is possible. */
	207	/* Now allocate the buffer the array for the group members. We must
	208	align the pointer and the base of the h_addr_list pointers. */
cc4d6614	209	align1 = ((__alignof__ (char *) - ((uintptr_t) cp))
b21fa963	210	& (__alignof__ (char *) - 1));
cc4d6614 QC	211	align2 = ((__alignof__ (char *) - ((uintptr_t) (cp + align1 + serv_resp.s_name_len
cc4d6614 QC	212	+ serv_resp.s_proto_len)))
b21fa963	213	& (__alignof__ (char *) - 1));
1a77d37f	214	if (buflen < (align1 + serv_resp.s_name_len + serv_resp.s_proto_len
b21fa963	215	+ align2
1a77d37f	216	+ (serv_resp.s_aliases_cnt + 1) * sizeof (char *)))
b21fa963 UD	217	{
	218	no_room:
	219	__set_errno (ERANGE);
	220	retval = ERANGE;
	221	goto out_close;
	222	}
	223	cp += align1;
	224
	225	/* Prepare the result as far as we can. */
	226	resultbuf->s_aliases = (char **) cp;
1a77d37f	227	cp += (serv_resp.s_aliases_cnt + 1) * sizeof (char *);
b21fa963 UD	228
b21fa963 UD	229	resultbuf->s_name = cp;
1a77d37f	230	cp += serv_resp.s_name_len;
b21fa963	231	resultbuf->s_proto = cp;
1a77d37f JJ	232	cp += serv_resp.s_proto_len + align2;
1a77d37f JJ	233	resultbuf->s_port = serv_resp.s_port;
b21fa963 UD	234
	235	if (s_name == NULL)
	236	{
	237	struct iovec vec[2];
	238
	239	vec[0].iov_base = resultbuf->s_name;
1a77d37f	240	vec[0].iov_len = serv_resp.s_name_len + serv_resp.s_proto_len;
b21fa963 UD	241	total_len = vec[0].iov_len;
	242	n = 1;
	243
1a77d37f	244	if (serv_resp.s_aliases_cnt > 0)
b21fa963	245	{
f2962a71 UD	246	assert (alloca_aliases_len == 0);
	247	alloca_aliases_len
	248	= __libc_use_alloca (alloca_used
	249	+ (serv_resp.s_aliases_cnt
	250	* sizeof (uint32_t)));
	251	if (alloca_aliases_len)
c8fc0c91 UD	252	aliases_len = alloca_account (serv_resp.s_aliases_cnt
	253	* sizeof (uint32_t),
	254	alloca_used);
f2962a71 UD	255	else
	256	{
	257	aliases_len = malloc (serv_resp.s_aliases_cnt
	258	* sizeof (uint32_t));
	259	if (aliases_len == NULL)
	260	{
	261	retval = ENOMEM;
	262	goto out_close;
	263	}
	264	}
b21fa963	265	vec[n].iov_base = (void *) aliases_len;
1a77d37f	266	vec[n].iov_len = serv_resp.s_aliases_cnt * sizeof (uint32_t);
b21fa963	267
1a77d37f	268	total_len += serv_resp.s_aliases_cnt * sizeof (uint32_t);
b21fa963 UD	269	++n;
	270	}
	271
	272	if ((size_t) __readvall (sock, vec, n) != total_len)
	273	goto out_close;
	274	}
	275	else
	276	memcpy (resultbuf->s_name, s_name,
1a77d37f	277	serv_resp.s_name_len + serv_resp.s_proto_len);
b21fa963 UD	278
	279	/* Now we also can read the aliases. */
	280	total_len = 0;
1a77d37f	281	for (cnt = 0; cnt < serv_resp.s_aliases_cnt; ++cnt)
b21fa963 UD	282	{
	283	resultbuf->s_aliases[cnt] = cp;
	284	cp += aliases_len[cnt];
	285	total_len += aliases_len[cnt];
	286	}
	287	resultbuf->s_aliases[cnt] = NULL;
	288
	289	if (__builtin_expect ((const char *) aliases_list + total_len > recend,
	290	0))
1a77d37f JJ	291	{
	292	/* aliases_len array might contain garbage during nscd GC cycle,
	293	retry rather than fail in that case. */
	294	if (aliases_list != NULL && mapped->head->gc_cycle != gc_cycle)
	295	retval = -2;
	296	goto out_close;
	297	}
	298
b21fa963	299	/* See whether this would exceed the buffer capacity. */
a1ffb40e	300	if (__glibc_unlikely (cp > buf + buflen))
1a77d37f JJ	301	{
	302	/* aliases_len array might contain garbage during nscd GC cycle,
	303	retry rather than fail in that case. */
	304	if (aliases_list != NULL && mapped->head->gc_cycle != gc_cycle)
	305	{
	306	retval = -2;
	307	goto out_close;
	308	}
	309	goto no_room;
	310	}
b21fa963 UD	311
	312	/* And finally read the aliases. */
	313	if (aliases_list == NULL)
	314	{
	315	if (total_len == 0
	316	\|\| ((size_t) __readall (sock, resultbuf->s_aliases[0], total_len)
	317	== total_len))
	318	{
	319	retval = 0;
	320	*result = resultbuf;
	321	}
	322	}
	323	else
	324	{
	325	memcpy (resultbuf->s_aliases[0], aliases_list, total_len);
	326
	327	/* Try to detect corrupt databases. */
1a77d37f JJ	328	if (resultbuf->s_name[serv_resp.s_name_len - 1] != '\0'
	329	\|\| resultbuf->s_proto[serv_resp.s_proto_len - 1] != '\0'
	330	\|\| ({for (cnt = 0; cnt < serv_resp.s_aliases_cnt; ++cnt)
b21fa963 UD	331	if (resultbuf->s_aliases[cnt][aliases_len[cnt] - 1]
	332	!= '\0')
	333	break;
1a77d37f JJ	334	cnt < serv_resp.s_aliases_cnt; }))
	335	{
	336	/* We cannot use the database. */
	337	if (mapped->head->gc_cycle != gc_cycle)
	338	retval = -2;
	339	goto out_close;
	340	}
b21fa963 UD	341
	342	retval = 0;
	343	*result = resultbuf;
	344	}
	345	}
	346	else
	347	{
cfca0aa3 UD	348	/* Set errno to 0 to indicate no error, just no found record. */
cfca0aa3 UD	349	__set_errno (0);
b21fa963 UD	350	/* Even though we have not found anything, the result is zero. */
	351	retval = 0;
	352	}
	353
	354	out_close:
	355	if (sock != -1)
c181840c	356	__close_nocancel_nostatus (sock);
b21fa963	357	out:
1a77d37f	358	if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
b21fa963 UD	359	{
	360	/* When we come here this means there has been a GC cycle while we
	361	were looking for the data. This means the data might have been
	362	inconsistent. Retry if possible. */
1a77d37f	363	if ((gc_cycle & 1) != 0 \|\| ++nretries == 5 \|\| retval == -1)
b21fa963 UD	364	{
b21fa963 UD	365	/* nscd is just running gc now. Disable using the mapping. */
a364a3a7	366	if (atomic_fetch_add_relaxed (&mapped->counter, -1) == 1)
1a77d37f	367	__nscd_unmap (mapped);
b21fa963 UD	368	mapped = NO_MAPPING;
	369	}
	370
1a77d37f	371	if (retval != -1)
c8fc0c91 UD	372	{
c8fc0c91 UD	373	if (!alloca_aliases_len)
f15f1e45	374	free ((void *) aliases_len);
c8fc0c91 UD	375	goto retry;
c8fc0c91 UD	376	}
b21fa963 UD	377	}
b21fa963 UD	378
f2962a71 UD	379	if (!alloca_aliases_len)
	380	free ((void *) aliases_len);
	381	if (!alloca_key)
	382	free (key);
	383
b21fa963 UD	384	return retval;
b21fa963 UD	385	}