This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: nss_db: protect against empty mappings
- From: Florian Weimer <fweimer at redhat dot com>
- To: DJ Delorie <dj at redhat dot com>
- Cc: "Carlos O'Donell" <carlos at redhat dot com>, libc-alpha at sourceware dot org
- Date: Tue, 18 Jun 2019 08:12:10 +0200
- Subject: Re: nss_db: protect against empty mappings
- References: <xna7efcz1c.fsf@greed.delorie.com>
* DJ Delorie:
> "Carlos O'Donell" <carlos@redhat.com> writes:
>> Merge the fixes then.
>
> Subject: nss_db: fix endent wrt NULL mappings
>
> nss_db allows for getpwent et al to be called without a set*ent,
> but it only works once. After the last get*ent a set*ent is
> required to restart, because the end*ent did not properly reset
> the module. Resetting it to NULL allows for a proper restart.
>
> If the database doesn't exist, however, end*ent erroneously called
> munmap which set errno.
>
> The test case runs "makedb" inside the testroot, so needs selinux
> DSOs installed.
>
> Resolves: #24695
> Resolves: #24696
You need to add “[BZ #24695]” or “bug 24695” to the commit message, the
above will not work. If you can squeeze both numbers into the first
line, that's best.
> + /* Before the fix, this would call munmap(NULL) and set errno. */
Missing space before parenthesis.
> + /* setpwent() is intentionally omitted here. The first call to
> + getpwent detects that it's first and initializes. The second
> + time try_it is called, this "first call" was not detected before
> + the fix, and getpwent would crash. */
GNU style is not to write () after function names.
> + while ((pw = getpwent ()) != NULL)
> + ;
> +
> + endpwent ();
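Review bot: the empty body of `while ((pw = getpwent ()) != NULL) ;` discards every entry, so an enumeration that returns nothing passes the same as one that works. Count the entries and compare the count with what the test database is expected to hold, set errno to 0 before the loop so that a NULL caused by an error can be told apart from end of data, and check errno again after `endpwent ()`, since a stray errno is the symptom the commit message names.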
Would it be possible to add error checking here?
> + system ("/usr/bin/makedb -o /var/db/passwd.db /var/db/passwd.in");
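Review bot: the status returned by `system (...)` on the makedb line is discarded, so if makedb is missing or exits with an error the test carries on without a freshly built /var/db/passwd.db. Capture the return value and fail the test when it is nonzero, so a broken setup is reported as such instead of as an nss_db result.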
I think you need to use the actual installation path, not /usr/bin.
Thanks,
Florian