GNU C Library master sources branch release/2.19/master updated. glibc-2.19-48-gb963026

aurel32@sourceware.org aurel32@sourceware.org
Sun Dec 20 17:56:00 GMT 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.19/master has been updated
       via  b963026c07a304bcfcf56ad5ee9b4f0797c7d3df (commit)
       via  56b2cf5633f90c722b8f4ed257311b23ebed7399 (commit)
       via  2f3bd411aefa9747f17740e9ab06676d51241098 (commit)
      from  60f10f2326aa47c7f49b752c1730e084b2319aa7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b963026c07a304bcfcf56ad5ee9b4f0797c7d3df

commit b963026c07a304bcfcf56ad5ee9b4f0797c7d3df
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Mar 27 19:48:15 2014 +0530

    Avoid overlapping addresses to stpcpy calls in nscd (BZ #16760)
    
    Calls to stpcpy from nscd netgroups code will have overlapping source
    and destination when all three values in the returned triplet are
    non-NULL and in the expected (host,user,domain) order.  This is seen
    in valgrind as:
    
    ==3181== Source and destination overlap in stpcpy(0x19973b48, 0x19973b48)
    ==3181==    at 0x4C2F30A: stpcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==3181==    by 0x12567A: addgetnetgrentX (string3.h:111)
    ==3181==    by 0x12722D: addgetnetgrent (netgroupcache.c:665)
    ==3181==    by 0x11114C: nscd_run_worker (connections.c:1338)
    ==3181==    by 0x4E3C102: start_thread (pthread_create.c:309)
    ==3181==    by 0x59B81AC: clone (clone.S:111)
    ==3181==
    
    Fix this by using memmove instead of stpcpy.
    
    (cherry picked from commit ea7d8b95e2fcb81f68b04ed7787a3dbda023991a)

diff --git a/ChangeLog b/ChangeLog
index 896b564..e82ba7d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,10 @@
 	* inet/getnetgrent_r.c (get_nonempty_val): New function.
 	(nscd_getnetgrent): Use it.
 
+	[BZ #16760]
+	* nscd/netgroupcache.c (addgetnetgrentX): Use memmove instead
+	of stpcpy.
+
 2015-11-24  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #17062]
diff --git a/NEWS b/NEWS
index 6f295a2..2972c4a 100644
--- a/NEWS
+++ b/NEWS
@@ -9,9 +9,10 @@ Version 2.19.1
 
 * The following bugs are resolved with this release:
 
-  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16759, 16878,
-  16882, 16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079,
-  17137, 17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
+  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16759, 16760,
+  16878, 16882, 16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069,
+  17079, 17137, 17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032,
+  18287.
 
 * A buffer overflow in gethostbyname_r and related functions performing DNS
   requests has been fixed.  If the NSS functions were called with a
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 8c619ea..c61d10b 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -211,6 +211,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
 			    const char *nuser = data.val.triple.user;
 			    const char *ndomain = data.val.triple.domain;
 
+			    size_t hostlen = strlen (nhost ?: "") + 1;
+			    size_t userlen = strlen (nuser ?: "") + 1;
+			    size_t domainlen = strlen (ndomain ?: "") + 1;
+
 			    if (nhost == NULL || nuser == NULL || ndomain == NULL
 				|| nhost > nuser || nuser > ndomain)
 			      {
@@ -228,9 +232,6 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
 				     : last + strlen (last) + 1 - buffer);
 
 				/* We have to make temporary copies.  */
-				size_t hostlen = strlen (nhost ?: "") + 1;
-				size_t userlen = strlen (nuser ?: "") + 1;
-				size_t domainlen = strlen (ndomain ?: "") + 1;
 				size_t needed = hostlen + userlen + domainlen;
 
 				if (buflen - req->key_len - bufused < needed)
@@ -264,9 +265,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
 			      }
 
 			    char *wp = buffer + buffilled;
-			    wp = stpcpy (wp, nhost) + 1;
-			    wp = stpcpy (wp, nuser) + 1;
-			    wp = stpcpy (wp, ndomain) + 1;
+			    wp = memmove (wp, nhost ?: "", hostlen);
+			    wp += hostlen;
+			    wp = memmove (wp, nuser ?: "", userlen);
+			    wp += userlen;
+			    wp = memmove (wp, ndomain ?: "", domainlen);
+			    wp += domainlen;
 			    buffilled = wp - buffer;
 			    ++nentries;
 			  }

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=56b2cf5633f90c722b8f4ed257311b23ebed7399

commit 56b2cf5633f90c722b8f4ed257311b23ebed7399
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Mar 27 19:49:51 2014 +0530

    Return NULL for wildcard values in getnetgrent from nscd (BZ #16759)
    
    getnetgrent is supposed to return NULL for values that are wildcards
    in the (host, user, domain) triplet.  This works correctly with nscd
    disabled, but with it enabled, it returns a blank ("") instead of a
    NULL.  This is easily seen with the output of `getent netgroup foonet`
    for a netgroup foonet defined as follows in /etc/netgroup:
    
        foonet (,foo,)
    
    The output with nscd disabled is:
    
        foonet ( ,foo,)
    
    while with nscd enabled, it is:
    
        foonet (,foo,)
    
    The extra space with nscd disabled is due to the fact that `getent
    netgroup` adds it if the return value from getnetgrent is NULL for
    either host or user.
    
    (cherry picked from commit dd3022d75e6fb8957843d6d84257a5d8457822d5)

diff --git a/ChangeLog b/ChangeLog
index 3cb4c4d..896b564 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@
 	* nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
 	blank values.
 
+	[BZ #16759]
+	* inet/getnetgrent_r.c (get_nonempty_val): New function.
+	(nscd_getnetgrent): Use it.
+
 2015-11-24  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #17062]
diff --git a/NEWS b/NEWS
index 9771c07..6f295a2 100644
--- a/NEWS
+++ b/NEWS
@@ -9,9 +9,9 @@ Version 2.19.1
 
 * The following bugs are resolved with this release:
 
-  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16878, 16882,
-  16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137,
-  17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
+  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16759, 16878,
+  16882, 16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079,
+  17137, 17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
 
 * A buffer overflow in gethostbyname_r and related functions performing DNS
   requests has been fixed.  If the NSS functions were called with a
diff --git a/inet/getnetgrent_r.c b/inet/getnetgrent_r.c
index 62cdfda..f6d064d 100644
--- a/inet/getnetgrent_r.c
+++ b/inet/getnetgrent_r.c
@@ -235,6 +235,14 @@ endnetgrent (void)
 }
 
 #ifdef USE_NSCD
+static const char *
+get_nonempty_val (const char *in)
+{
+  if (*in == '\0')
+    return NULL;
+  return in;
+}
+
 static enum nss_status
 nscd_getnetgrent (struct __netgrent *datap, char *buffer, size_t buflen,
 		  int *errnop)
@@ -243,11 +251,11 @@ nscd_getnetgrent (struct __netgrent *datap, char *buffer, size_t buflen,
     return NSS_STATUS_UNAVAIL;
 
   datap->type = triple_val;
-  datap->val.triple.host = datap->cursor;
+  datap->val.triple.host = get_nonempty_val (datap->cursor);
   datap->cursor = (char *) __rawmemchr (datap->cursor, '\0') + 1;
-  datap->val.triple.user = datap->cursor;
+  datap->val.triple.user = get_nonempty_val (datap->cursor);
   datap->cursor = (char *) __rawmemchr (datap->cursor, '\0') + 1;
-  datap->val.triple.domain = datap->cursor;
+  datap->val.triple.domain = get_nonempty_val (datap->cursor);
   datap->cursor = (char *) __rawmemchr (datap->cursor, '\0') + 1;
 
   return NSS_STATUS_SUCCESS;

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2f3bd411aefa9747f17740e9ab06676d51241098

commit 2f3bd411aefa9747f17740e9ab06676d51241098
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Mar 27 07:15:22 2014 +0530

    Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758)
    
    nscd works correctly when the request in innetgr is a wildcard,
    i.e. when one or more of host, user or domain parameters is NULL.
    However, it does not work when the the triplet in the netgroup
    definition has a wildcard.  This is easy to reproduce for a triplet
    defined as follows:
    
        foonet (,foo,)
    
    Here, an innetgr call that looks like this:
    
        innetgr ("foonet", "foohost", "foo", NULL);
    
    should succeed and so should:
    
        innetgr ("foonet", NULL, "foo", "foodomain");
    
    It does succeed with nscd disabled, but not with nscd enabled.  This
    fix adds this additional check for all three parts of the triplet so
    that it gives the correct result.
    
    	[BZ #16758]
    	* nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
    	blank values.
    
    (cherry picked from commit fbd6b5a4052316f7eb03c4617eebfaafc59dcc06)

diff --git a/ChangeLog b/ChangeLog
index 4502ab2..3cb4c4d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-12-20  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16758]
+	* nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
+	blank values.
+
 2015-11-24  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #17062]
diff --git a/NEWS b/NEWS
index c9cce28..9771c07 100644
--- a/NEWS
+++ b/NEWS
@@ -9,9 +9,9 @@ Version 2.19.1
 
 * The following bugs are resolved with this release:
 
-  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885,
-  16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137, 17153,
-  17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
+  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16878, 16882,
+  16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137,
+  17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
 
 * A buffer overflow in gethostbyname_r and related functions performing DNS
   requests has been fixed.  If the NSS functions were called with a
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 084f74d..8c619ea 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -562,15 +562,19 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
 	{
 	  bool success = true;
 
-	  if (host != NULL)
+	  /* For the host, user and domain in each triplet, we assume success
+	     if the value is blank because that is how the wildcard entry to
+	     match anything is stored in the netgroup cache.  */
+	  if (host != NULL && *triplets != '\0')
 	    success = strcmp (host, triplets) == 0;
 	  triplets = (const char *) rawmemchr (triplets, '\0') + 1;
 
-	  if (success && user != NULL)
+	  if (success && user != NULL && *triplets != '\0')
 	    success = strcmp (user, triplets) == 0;
 	  triplets = (const char *) rawmemchr (triplets, '\0') + 1;
 
-	  if (success && (domain == NULL || strcmp (domain, triplets) == 0))
+	  if (success && (domain == NULL || *triplets == '\0'
+			  || strcmp (domain, triplets) == 0))
 	    {
 	      dataset->resp.result = 1;
 	      break;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |   14 ++++++++++++++
 NEWS                 |    7 ++++---
 inet/getnetgrent_r.c |   14 +++++++++++---
 nscd/netgroupcache.c |   26 +++++++++++++++++---------
 4 files changed, 46 insertions(+), 15 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources



More information about the Glibc-cvs mailing list