AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-23 13:30:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]

Browse Source 
During cleanup, before returning from get*_r functions, the end*ent
calls must not change errno.  Otherwise, an ERANGE error from the
underlying implementation can be hidden, causing unexpected lookup
failures.  This commit introduces an internal_end*ent_noerror
function which saves and restore errno, and marks the original
internal_end*ent function as warn_unused_result, so that it is used
only in contexts were errors from it can be handled explicitly.

Reviewed-by: DJ Delorie <dj@redhat.com>
(cherry picked from commit 790b8dda44)
This commit is contained in:
Florian Weimer 2020-05-19 14:09:38 +02:00
parent a318448f7a
commit b0d3f7858c
5 changed files with 47 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -39,6 +39,7 @@ The following bugs are resolved with this release:
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs [25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection [25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++ [25232] No const correctness for strchr et al. for Clang++
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
Security related changes: Security related changes:

15
nss/nss_compat/compat-grp.c
View File

@ -142,7 +142,7 @@ _nss_compat_setgrent (int stayopen)
} }
static enum nss_status static enum nss_status __attribute_warn_unused_result__
internal_endgrent (ent_t *ent) internal_endgrent (ent_t *ent)
{ {
if (ent->stream != NULL) if (ent->stream != NULL)
@ -163,6 +163,15 @@ internal_endgrent (ent_t *ent)
return NSS_STATUS_SUCCESS; return NSS_STATUS_SUCCESS;
} }
/* Like internal_endgrent, but preserve errno in all cases. */
static void
internal_endgrent_noerror (ent_t *ent)
{
int saved_errno = errno;
enum nss_status unused __attribute__ ((unused)) = internal_endgrent (ent);
__set_errno (saved_errno);
}
enum nss_status enum nss_status
_nss_compat_endgrent (void) _nss_compat_endgrent (void)
{ {
@ -483,7 +492,7 @@ _nss_compat_getgrnam_r (const char *name, struct group *grp,
if (result == NSS_STATUS_SUCCESS) if (result == NSS_STATUS_SUCCESS)
result = internal_getgrnam_r (name, grp, &ent, buffer, buflen, errnop); result = internal_getgrnam_r (name, grp, &ent, buffer, buflen, errnop);
internal_endgrent (&ent); internal_endgrent_noerror (&ent);
return result; return result;
} }
@ -612,7 +621,7 @@ _nss_compat_getgrgid_r (gid_t gid, struct group *grp,
if (result == NSS_STATUS_SUCCESS) if (result == NSS_STATUS_SUCCESS)
result = internal_getgrgid_r (gid, grp, &ent, buffer, buflen, errnop); result = internal_getgrgid_r (gid, grp, &ent, buffer, buflen, errnop);
internal_endgrent (&ent); internal_endgrent_noerror (&ent);
return result; return result;
} }

13
nss/nss_compat/compat-initgroups.c
View File

@ -133,7 +133,7 @@ internal_setgrent (ent_t *ent)
} }
static enum nss_status static enum nss_status __attribute_warn_unused_result__
internal_endgrent (ent_t *ent) internal_endgrent (ent_t *ent)
{ {
if (ent->stream != NULL) if (ent->stream != NULL)
@ -157,6 +157,15 @@ internal_endgrent (ent_t *ent)
return NSS_STATUS_SUCCESS; return NSS_STATUS_SUCCESS;
} }
/* Like internal_endgrent, but preserve errno in all cases. */
static void
internal_endgrent_noerror (ent_t *ent)
{
int saved_errno = errno;
enum nss_status unused __attribute__ ((unused)) = internal_endgrent (ent);
__set_errno (saved_errno);
}
/* Add new group record. */ /* Add new group record. */
static void static void
add_group (long int *start, long int *size, gid_t **groupsp, long int limit, add_group (long int *start, long int *size, gid_t **groupsp, long int limit,
@ -501,7 +510,7 @@ _nss_compat_initgroups_dyn (const char *user, gid_t group, long int *start,
done: done:
scratch_buffer_free (&tmpbuf); scratch_buffer_free (&tmpbuf);
internal_endgrent (&intern); internal_endgrent_noerror (&intern);
return status; return status;
} }

15
nss/nss_compat/compat-pwd.c
View File

@ -259,7 +259,7 @@ _nss_compat_setpwent (int stayopen)
} }
static enum nss_status static enum nss_status __attribute_warn_unused_result__
internal_endpwent (ent_t *ent) internal_endpwent (ent_t *ent)
{ {
if (ent->stream != NULL) if (ent->stream != NULL)
@ -287,6 +287,15 @@ internal_endpwent (ent_t *ent)
return NSS_STATUS_SUCCESS; return NSS_STATUS_SUCCESS;
} }
/* Like internal_endpwent, but preserve errno in all cases. */
static void
internal_endpwent_noerror (ent_t *ent)
{
int saved_errno = errno;
enum nss_status unused __attribute__ ((unused)) = internal_endpwent (ent);
__set_errno (saved_errno);
}
enum nss_status enum nss_status
_nss_compat_endpwent (void) _nss_compat_endpwent (void)
{ {
@ -822,7 +831,7 @@ _nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
if (result == NSS_STATUS_SUCCESS) if (result == NSS_STATUS_SUCCESS)
result = internal_getpwnam_r (name, pwd, &ent, buffer, buflen, errnop); result = internal_getpwnam_r (name, pwd, &ent, buffer, buflen, errnop);
internal_endpwent (&ent); internal_endpwent_noerror (&ent);
return result; return result;
} }
@ -1061,7 +1070,7 @@ _nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
if (result == NSS_STATUS_SUCCESS) if (result == NSS_STATUS_SUCCESS)
result = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen, errnop); result = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen, errnop);
internal_endpwent (&ent); internal_endpwent_noerror (&ent);
return result; return result;
} }

14
nss/nss_compat/compat-spwd.c
View File

@ -215,7 +215,7 @@ _nss_compat_setspent (int stayopen)
} }
static enum nss_status static enum nss_status __attribute_warn_unused_result__
internal_endspent (ent_t *ent) internal_endspent (ent_t *ent)
{ {
if (ent->stream != NULL) if (ent->stream != NULL)
@ -244,6 +244,15 @@ internal_endspent (ent_t *ent)
return NSS_STATUS_SUCCESS; return NSS_STATUS_SUCCESS;
} }
/* Like internal_endspent, but preserve errno in all cases. */
static void
internal_endspent_noerror (ent_t *ent)
{
int saved_errno = errno;
enum nss_status unused __attribute__ ((unused)) = internal_endspent (ent);
__set_errno (saved_errno);
}
enum nss_status enum nss_status
_nss_compat_endspent (void) _nss_compat_endspent (void)
{ {
@ -261,7 +270,6 @@ _nss_compat_endspent (void)
return result; return result;
} }
static enum nss_status static enum nss_status
getspent_next_nss_netgr (const char *name, struct spwd *result, ent_t *ent, getspent_next_nss_netgr (const char *name, struct spwd *result, ent_t *ent,
char *group, char *buffer, size_t buflen, char *group, char *buffer, size_t buflen,
@ -786,7 +794,7 @@ _nss_compat_getspnam_r (const char *name, struct spwd *pwd,
if (result == NSS_STATUS_SUCCESS) if (result == NSS_STATUS_SUCCESS)
result = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop); result = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop);
internal_endspent (&ent); internal_endspent_noerror (&ent);
return result; return result;
} }