From 20f8e6663accb3d318630e8ec4a08ed37521fce6 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Sun, 12 Sep 2004 20:38:38 +0000 Subject: [PATCH] Update. 2004-09-11 Thorsten Kukuk * nis/nss_compat/compat-grp.c: Check that buflen is greater zero before writing data into the buffer with negative offset. * nis/nss_compat/compat-initgroups.c: Likewise. * nis/nss_compat/compat-pwd.c: Likewise. * nis/nss_compat/compat-spwd.c Likewise. --- ChangeLog | 8 +++ nis/nss_compat/compat-grp.c | 82 +++++++++++++++++------------- nis/nss_compat/compat-initgroups.c | 24 +++++---- nis/nss_compat/compat-pwd.c | 74 ++++++++++++++++----------- nis/nss_compat/compat-spwd.c | 48 +++++++++-------- nptl/sysdeps/pthread/pthread.h | 18 +++---- 6 files changed, 148 insertions(+), 106 deletions(-) diff --git a/ChangeLog b/ChangeLog index 71cd45bf05..f68cfd110e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2004-09-11 Thorsten Kukuk + + * nis/nss_compat/compat-grp.c: Check that buflen is greater zero + before writing data into the buffer with negative offset. + * nis/nss_compat/compat-initgroups.c: Likewise. + * nis/nss_compat/compat-pwd.c: Likewise. + * nis/nss_compat/compat-spwd.c Likewise. + 2004-09-12 Ulrich Drepper * misc/syslog.c (vsyslog): Fix copying of PID in case of diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c index 85414ed81d..08bf5d2f80 100644 --- a/nis/nss_compat/compat-grp.c +++ b/nis/nss_compat/compat-grp.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1996,1997,1998,1999,2001,2002, 2003 Free Software Foundation, Inc. +/* Copyright (C) 1996-1999,2001,2002,2003,2004 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk , 1996. @@ -253,17 +253,25 @@ getgrent_next_file (struct group *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); if (p == NULL && feof_unlocked (ent->stream)) return NSS_STATUS_NOTFOUND; - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -279,13 +287,9 @@ getgrent_next_file (struct group *result, ent_t *ent, !(parse_res = _nss_files_parse_grent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; if (result->gr_name[0] != '+' && result->gr_name[0] != '-') /* This is a real entry. */ @@ -315,17 +319,15 @@ getgrent_next_file (struct group *result, ent_t *ent, blacklist_store_name (buf, ent); if (status == NSS_STATUS_SUCCESS) /* We found the entry. */ break; - else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry */ + else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry*/ || status == NSS_STATUS_NOTFOUND) /* No group in NIS */ continue; else { if (status == NSS_STATUS_TRYAGAIN) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - } + /* The parser ran out of space. */ + goto erange_reset; + return status; } } @@ -384,17 +386,25 @@ internal_getgrnam_r (const char *name, struct group *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); if (p == NULL && feof_unlocked (ent->stream)) return NSS_STATUS_NOTFOUND; - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -410,13 +420,9 @@ internal_getgrnam_r (const char *name, struct group *result, ent_t *ent, !(parse_res = _nss_files_parse_grent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; /* This is a real entry. */ if (result->gr_name[0] != '+' && result->gr_name[0] != '-') @@ -511,17 +517,25 @@ internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); if (p == NULL && feof_unlocked (ent->stream)) return NSS_STATUS_NOTFOUND; - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -538,12 +552,8 @@ internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent, errnop))); if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + /* The parser ran out of space. */ + goto erange_reset; /* This is a real entry. */ if (result->gr_name[0] != '+' && result->gr_name[0] != '-') diff --git a/nis/nss_compat/compat-initgroups.c b/nis/nss_compat/compat-initgroups.c index 100febc672..9574ea7c0b 100644 --- a/nis/nss_compat/compat-initgroups.c +++ b/nis/nss_compat/compat-initgroups.c @@ -327,17 +327,25 @@ internal_getgrent_r (ent_t *ent, char *buffer, size_t buflen, const char *user, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); if (p == NULL && feof_unlocked (ent->stream)) return NSS_STATUS_NOTFOUND; - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -353,13 +361,9 @@ internal_getgrent_r (ent_t *ent, char *buffer, size_t buflen, const char *user, !(parse_res = _nss_files_parse_grent (p, &grpbuf, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; if (grpbuf.gr_name[0] != '+' && grpbuf.gr_name[0] != '-') /* This is a real entry. */ diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c index b8c5890b5b..89a6a7013e 100644 --- a/nis/nss_compat/compat-pwd.c +++ b/nis/nss_compat/compat-pwd.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1996-1999,2001,2002,2003 Free Software Foundation, Inc. +/* Copyright (C) 1996-1999,2001,2002,2003,2004 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk , 1996. @@ -499,17 +499,25 @@ getpwent_next_file (struct passwd *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); if (p == NULL && feof_unlocked (ent->stream)) return NSS_STATUS_NOTFOUND; - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -525,13 +533,9 @@ getpwent_next_file (struct passwd *result, ent_t *ent, !(parse_res = _nss_files_parse_pwent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; if (result->pw_name[0] != '+' && result->pw_name[0] != '-') /* This is a real entry. */ @@ -694,6 +698,14 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); @@ -701,11 +713,11 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent, { return NSS_STATUS_NOTFOUND; } - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -721,13 +733,9 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent, !(parse_res = _nss_files_parse_pwent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; /* This is a real entry. */ if (result->pw_name[0] != '+' && result->pw_name[0] != '-') @@ -897,17 +905,25 @@ internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); if (p == NULL && feof_unlocked (ent->stream)) return NSS_STATUS_NOTFOUND; - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -923,13 +939,9 @@ internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent, !(parse_res = _nss_files_parse_pwent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; /* This is a real entry. */ if (result->pw_name[0] != '+' && result->pw_name[0] != '-') diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c index 55db10eadb..4ca6368139 100644 --- a/nis/nss_compat/compat-spwd.c +++ b/nis/nss_compat/compat-spwd.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1996-1999,2001,2002,2003 Free Software Foundation, Inc. +/* Copyright (C) 1996-1999,2001,2002,2003,2004 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk , 1996. @@ -451,17 +451,25 @@ getspent_next_file (struct spwd *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); if (p == NULL && feof_unlocked (ent->stream)) return NSS_STATUS_NOTFOUND; - if (p == NULL || buffer[buflen - 1] != '\xff') + if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Skip leading blanks. */ @@ -474,13 +482,9 @@ getspent_next_file (struct spwd *result, ent_t *ent, || !(parse_res = _nss_files_parse_spent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-') /* This is a real entry. */ @@ -645,6 +649,14 @@ internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent, do { + /* We need at least 3 characters for one line. */ + if (__builtin_expect (buflen < 3, 0)) + { + erange: + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + fgetpos (ent->stream, &pos); buffer[buflen - 1] = '\xff'; p = fgets_unlocked (buffer, buflen, ent->stream); @@ -653,9 +665,9 @@ internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent, if (p == NULL || buffer[buflen - 1] != '\xff') { + erange_reset: fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; + goto erange; } /* Terminate the line for any case. */ @@ -671,13 +683,9 @@ internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent, !(parse_res = _nss_files_parse_spent (p, result, data, buflen, errnop))); - if (parse_res == -1) - { - /* The parser ran out of space. */ - fsetpos (ent->stream, &pos); - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } + if (__builtin_expect (parse_res == -1, 0)) + /* The parser ran out of space. */ + goto erange_reset; /* This is a real entry. */ if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-') diff --git a/nptl/sysdeps/pthread/pthread.h b/nptl/sysdeps/pthread/pthread.h index 18ccb83c50..27666483d9 100644 --- a/nptl/sysdeps/pthread/pthread.h +++ b/nptl/sysdeps/pthread/pthread.h @@ -83,7 +83,7 @@ enum /* Read-write lock types. */ -#ifdef __USE_UNIX98 +#if defined __USE_UNIX98 || defined __USE_XOPEN2K enum { PTHREAD_RWLOCK_PREFER_READER_NP, @@ -91,21 +91,21 @@ enum PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, PTHREAD_RWLOCK_DEFAULT_NP = PTHREAD_RWLOCK_PREFER_READER_NP }; -#endif /* Unix98 */ /* Read-write lock initializers. */ -#define PTHREAD_RWLOCK_INITIALIZER \ +# define PTHREAD_RWLOCK_INITIALIZER \ { } -#ifdef __USE_GNU -# if __WORDSIZE == 64 -# define PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP \ +# ifdef __USE_GNU +# if __WORDSIZE == 64 +# define PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP \ { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, \ PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP } } -# else -# define PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP \ +# else +# define PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP \ { { 0, 0, 0, 0, 0, 0, PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP } } +# endif # endif -#endif +#endif /* Unix98 or XOpen2K */ /* Scheduler inheritance. */