Reproducer (needs to run as root):
perl -e \
'print "large❌999:" . join(",", map {"user$_"} (1 .. 135))."\n"' \
>> /etc/group
cd /var/db
make
getent -s db group
After the fix, the last command should list the "large" group.
The magic number 135 has been chosen so that the line is shorter than
1024 bytes, but the pointers required to encode the member array will
cross the threshold, triggering the bug.
This mostly automatically-generated patch converts 113 function
definitions in glibc from old-style K&R to prototype-style. Following
my other recent such patches, this one deals with the case of function
definitions in files that either contain assertions or where grep
suggested they might contain assertions - and thus where it isn't
possible to use a simple object code comparison as a sanity check on
the correctness of the patch, because line numbers are changed.
A few such automatically-generated changes needed to be supplemented
by manual changes for the result to compile. openat64 had a prototype
declaration with "..." but an old-style definition in
sysdeps/unix/sysv/linux/dl-openat64.c, and "..." needed adding to the
generated prototype in the definition (I've filed
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68024> for diagnosing
such cases in GCC; the old state was undefined behavior not requiring
a diagnostic, but one seems a good idea). In addition, as Florian has
noted regparm attribute mismatches between declaration and definition
are only diagnosed for prototype definitions, and five functions
needed internal_function added to their definitions (in the case of
__pthread_mutex_cond_lock, via the macro definition of
__pthread_mutex_lock) to compile on i386.
After this patch is in, remaining old-style definitions are probably
most readily fixed manually before we can turn on
-Wold-style-definition for all builds.
Tested for x86_64 and x86 (testsuite).
* crypt/md5-crypt.c (__md5_crypt_r): Convert to prototype-style
function definition.
* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.
* debug/backtracesyms.c (__backtrace_symbols): Likewise.
* elf/dl-minimal.c (_itoa): Likewise.
* hurd/hurdmalloc.c (malloc): Likewise.
(free): Likewise.
(realloc): Likewise.
* inet/inet6_option.c (inet6_option_space): Likewise.
(inet6_option_init): Likewise.
(inet6_option_append): Likewise.
(inet6_option_alloc): Likewise.
(inet6_option_next): Likewise.
(inet6_option_find): Likewise.
* io/ftw.c (FTW_NAME): Likewise.
(NFTW_NAME): Likewise.
(NFTW_NEW_NAME): Likewise.
(NFTW_OLD_NAME): Likewise.
* libio/iofwide.c (_IO_fwide): Likewise.
* libio/strops.c (_IO_str_init_static_internal): Likewise.
(_IO_str_init_static): Likewise.
(_IO_str_init_readonly): Likewise.
(_IO_str_overflow): Likewise.
(_IO_str_underflow): Likewise.
(_IO_str_count): Likewise.
(_IO_str_seekoff): Likewise.
(_IO_str_pbackfail): Likewise.
(_IO_str_finish): Likewise.
* libio/wstrops.c (_IO_wstr_init_static): Likewise.
(_IO_wstr_overflow): Likewise.
(_IO_wstr_underflow): Likewise.
(_IO_wstr_count): Likewise.
(_IO_wstr_seekoff): Likewise.
(_IO_wstr_pbackfail): Likewise.
(_IO_wstr_finish): Likewise.
* locale/programs/localedef.c (normalize_codeset): Likewise.
* locale/programs/locarchive.c (add_locale_to_archive): Likewise.
(add_locales_to_archive): Likewise.
(delete_locales_from_archive): Likewise.
* malloc/malloc.c (__libc_mallinfo): Likewise.
* math/gen-auto-libm-tests.c (init_fp_formats): Likewise.
* misc/tsearch.c (__tfind): Likewise.
* nptl/pthread_attr_destroy.c (__pthread_attr_destroy): Likewise.
* nptl/pthread_attr_getdetachstate.c
(__pthread_attr_getdetachstate): Likewise.
* nptl/pthread_attr_getguardsize.c (pthread_attr_getguardsize):
Likewise.
* nptl/pthread_attr_getinheritsched.c
(__pthread_attr_getinheritsched): Likewise.
* nptl/pthread_attr_getschedparam.c
(__pthread_attr_getschedparam): Likewise.
* nptl/pthread_attr_getschedpolicy.c
(__pthread_attr_getschedpolicy): Likewise.
* nptl/pthread_attr_getscope.c (__pthread_attr_getscope):
Likewise.
* nptl/pthread_attr_getstack.c (__pthread_attr_getstack):
Likewise.
* nptl/pthread_attr_getstackaddr.c (__pthread_attr_getstackaddr):
Likewise.
* nptl/pthread_attr_getstacksize.c (__pthread_attr_getstacksize):
Likewise.
* nptl/pthread_attr_init.c (__pthread_attr_init_2_1): Likewise.
(__pthread_attr_init_2_0): Likewise.
* nptl/pthread_attr_setdetachstate.c
(__pthread_attr_setdetachstate): Likewise.
* nptl/pthread_attr_setguardsize.c (pthread_attr_setguardsize):
Likewise.
* nptl/pthread_attr_setinheritsched.c
(__pthread_attr_setinheritsched): Likewise.
* nptl/pthread_attr_setschedparam.c
(__pthread_attr_setschedparam): Likewise.
* nptl/pthread_attr_setschedpolicy.c
(__pthread_attr_setschedpolicy): Likewise.
* nptl/pthread_attr_setscope.c (__pthread_attr_setscope):
Likewise.
* nptl/pthread_attr_setstack.c (__pthread_attr_setstack):
Likewise.
* nptl/pthread_attr_setstackaddr.c (__pthread_attr_setstackaddr):
Likewise.
* nptl/pthread_attr_setstacksize.c (__pthread_attr_setstacksize):
Likewise.
* nptl/pthread_condattr_setclock.c (pthread_condattr_setclock):
Likewise.
* nptl/pthread_create.c (__find_in_stack_list): Likewise.
* nptl/pthread_getattr_np.c (pthread_getattr_np): Likewise.
* nptl/pthread_mutex_cond_lock.c (__pthread_mutex_lock): Define to
use internal_function.
* nptl/pthread_mutex_init.c (__pthread_mutex_init): Convert to
prototype-style function definition.
* nptl/pthread_mutex_lock.c (__pthread_mutex_lock): Likewise.
(__pthread_mutex_cond_lock_adjust): Likewise. Use
internal_function.
* nptl/pthread_mutex_timedlock.c (pthread_mutex_timedlock):
Convert to prototype-style function definition.
* nptl/pthread_mutex_trylock.c (__pthread_mutex_trylock):
Likewise.
* nptl/pthread_mutex_unlock.c (__pthread_mutex_unlock_usercnt):
Likewise.
(__pthread_mutex_unlock): Likewise.
* nptl_db/td_ta_clear_event.c (td_ta_clear_event): Likewise.
* nptl_db/td_ta_set_event.c (td_ta_set_event): Likewise.
* nptl_db/td_thr_clear_event.c (td_thr_clear_event): Likewise.
* nptl_db/td_thr_event_enable.c (td_thr_event_enable): Likewise.
* nptl_db/td_thr_set_event.c (td_thr_set_event): Likewise.
* nss/makedb.c (process_input): Likewise.
* posix/fnmatch.c (__strchrnul): Likewise.
(__wcschrnul): Likewise.
(fnmatch): Likewise.
* posix/fnmatch_loop.c (FCT): Likewise.
* posix/glob.c (globfree): Likewise.
(__glob_pattern_type): Likewise.
(__glob_pattern_p): Likewise.
* posix/regcomp.c (re_compile_pattern): Likewise.
(re_set_syntax): Likewise.
(re_compile_fastmap): Likewise.
(regcomp): Likewise.
(regerror): Likewise.
(regfree): Likewise.
* posix/regexec.c (regexec): Likewise.
(re_match): Likewise.
(re_search): Likewise.
(re_match_2): Likewise.
(re_search_2): Likewise.
(re_search_stub): Likewise. Use internal_function
(re_copy_regs): Likewise.
(re_set_registers): Convert to prototype-style function
definition.
(prune_impossible_nodes): Likewise. Use internal_function.
* resolv/inet_net_pton.c (inet_net_pton): Convert to
prototype-style function definition.
(inet_net_pton_ipv4): Likewise.
* stdlib/strtod_l.c (____STRTOF_INTERNAL): Likewise.
* sysdeps/pthread/aio_cancel.c (aio_cancel): Likewise.
* sysdeps/pthread/aio_suspend.c (aio_suspend): Likewise.
* sysdeps/pthread/timer_delete.c (timer_delete): Likewise.
* sysdeps/unix/sysv/linux/dl-openat64.c (openat64): Likewise.
Make variadic.
* time/strptime_l.c (localtime_r): Convert to prototype-style
function definition.
* wcsmbs/mbsnrtowcs.c (__mbsnrtowcs): Likewise.
* wcsmbs/mbsrtowcs_l.c (__mbsrtowcs_l): Likewise.
* wcsmbs/wcsnrtombs.c (__wcsnrtombs): Likewise.
* wcsmbs/wcsrtombs.c (__wcsrtombs): Likewise.
The recent put*ent hardening changes broke the build for i386. i386
defines internal_function to __attribute__ ((regparm (3), stdcall)),
which affects type compatibility, so requiring internal_function to be
used consistently on declarations and definitions. This patch adds
internal_function to the definitions of the new functions using it on
their declarations.
Tested for i386 that this fixes the build.
* nss/rewrite_field.c (__nss_rewrite_field): Use
internal_function.
* nss/valid_field.c (__nss_valid_field): Likewise.
* nss/valid_list_field.c (__nss_valid_list_field): Likewise.
This prevents injection of ':' and '\n' into output functions which
use the NSS files database syntax. Critical fields (user/group names
and file system paths) are checked strictly. For backwards
compatibility, the GECOS field is rewritten instead.
The getent program is adjusted to use the put*ent functions in libc,
instead of local copies. This changes the behavior of getent if user
names start with '-' or '+'.
It used to be common practice to have a statically linked shell for an
alternative root account, as in:
root❌0:0:root:/root:/bin/bash
toor❌0:0:root recovery account:/root:/sbin/sash
This causes problems with passwd NSS tests because a UID-based lookup
will only retrieve one of those entries. The original version of
nss/bug17079.c detected this, but failed to use this information later
on.
These scripts use #!/bin/sh explicitly, so make sure they avoid echo -n
as different shells treat it differently. Use the portable printf func
instead.
Robin Hack discovered Samba would enter an infinite loop processing
certain quota-related requests. We eventually tracked this down to a
glibc issue.
Running a (simplified) test case under strace shows that /etc/passwd
is continuously opened and closed:
…
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
read(3, "root❌0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET) = 2717
close(3) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "root❌0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET) = 2717
close(3) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
…
The lookup function implementation in
nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that. It is
supposed skip closing the input file if it was already open.
/* Reset file pointer to beginning or open file. */ \
status = internal_setent (keep_stream); \
\
if (status == NSS_STATUS_SUCCESS) \
{ \
/* Tell getent function that we have repositioned the file pointer. */ \
last_use = getby; \
\
while ((status = internal_getent (result, buffer, buflen, errnop \
H_ERRNO_ARG EXTRA_ARGS_VALUE)) \
== NSS_STATUS_SUCCESS) \
{ break_if_match } \
\
if (! keep_stream) \
internal_endent (); \
} \
keep_stream is initialized from the stayopen flag in internal_setent.
internal_setent is called from the set*ent implementation as:
status = internal_setent (stayopen);
However, for non-host database, this flag is always 0, per the
STAYOPEN magic in nss/getXXent_r.c.
Thus, the fix is this:
- status = internal_setent (stayopen);
+ status = internal_setent (1);
This is not a behavioral change even for the hosts database (where the
application can specify the stayopen flag) because with a call to
sethostent(0), the file handle is still not closed in the
implementation of gethostent.
In bug 14906 the user complains that the inotify support in nscd
is not sufficient when it comes to detecting changes in the
configurationfiles that should be watched for the various databases.
The current nscd implementation uses inotify to watch for changes in
the configuration files, but adds watches only for IN_DELETE_SELF and
IN_MODIFY. These watches are insufficient to cover even the most basic
uses by a system administrator. For example using emacs or vim to edit
a configuration file should trigger a reload but it might not if
the editors use move to atomically update the file. This atomic update
changes the inode and thus removes the notification on the file (as
inotify is based on inodes). Thus the inotify support in nscd for
configuration files is insufficient to account for the average use
cases of system administrators and users.
The inotify support is significantly enhanced and described here:
https://www.sourceware.org/ml/libc-alpha/2015-02/msg00504.html
Tested on x86_64 with and without inotify support.
Testing for 32-bit x86 shows up a warning "tst-nss-test1.c:25:3:
warning: format '%ju' expects argument of type 'uintmax_t', but
argument 2 has type 'int' [-Wformat=]". The argument is a difference
of two pointers, a signed quantity of type ptrdiff_t for which the
right format is %td; this patch makes this test use that format.
Tested for 32-bit x86.
* nss/tst-nss-test1.c (do_test): Use %td printf format for pointer
difference, not %ju.
Replace it with IS_IN (libc) and remove the one place that it
is defined in. The generated code remains unchanged on x86_64.
* include/shlib-compat.h [!NOT_IN_libc]: Remove.
* nss/nss_files/files-parse.c (IS_IN_libc): Replace with
IS_IN (libc).
nss_db uses nss_files code for services, but a continue on protocol
mismatch that doesn't affect nss_files skipped the code that advanced
to the next db entry. Any one of these changes would suffice to fix
it, but fixing both makes them both safer to reuse elsewhere.
for ChangeLog
[BZ #14498]
* NEWS: Fixed.
* nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx
after parsing line but before break_if_match.
* nss/nss_files/files-service (DB_LOOKUP): Don't "continue;"
if there is a protocol mismatch.
The current scheme to identify which module a translation unit is
built in depends on defining multiple macros IS_IN_* and also defining
NOT_IN_libc if we're building a non-libc module. In addition, there
is an IN_LIB macro that does effectively the same thing, but for
different modules (notably the systemtap probes). This macro scheme
unifies both ideas to use just one macro IN_MODULE and assign it a
value depending on the module it is being built into. If the module
is not defined, it defaults to MODULE_libc.
Patches that follow will replace uses of IS_IN_* variables with the
IS_IN() macro. libc-symbols.h has been converted already to give an
example of how such a transition will look.
Verified that there are no relevant binary changes. One source change
that will crop up repeatedly is that of nscd_stat, since it uses the
build timestamp as a constant in its logic.
* Makeconfig (in-module): Get value of libof set for the
translation unit.
(CPPFLAGS): Use $(in-module).
* Makerules: Don't suffix routine names for nonlib.
* include/libc-modules.h: New file.
* include/libc-symbols.h: Include libc-modules.h
(IS_IN): New macro to replace IS_IN_* macros.
* elf/Makefile: Set libof-* for each routine.
* elf/rtld-Rules: Likewise.
* extra-modules.mk: Likewise.
* iconv/Makefile: Likewise.
* iconvdata/Makefile: Likewise.
* locale/Makefile: Likewise.
* malloc/Makefile: Likewise.
* nss/Makefile: Likewise.
* sysdeps/gnu/Makefile: Likewise.
* sysdeps/ieee754/ldbl-opt/Makefile: Likewise.
* sysdeps/unix/sysv/linux/Makefile: Likewise.
* sysdeps/s390/s390-64/Makefile: Likewise.
* nscd/Makefile: Set libof-* for each routine. Set CFLAGS and
CPPFLAGS for nscd instead of nonlib.
The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL
(with errno as ERANGE) when the supplied buffer does not have
sufficient space for the result. This is wrong, because the canonical
way to indicate insufficient buffer is to set the errno to ERANGE and
the status to NSS_STATUS_TRYAGAIN, as is used by all other modules.
This fixes nscd behaviour when the nss_ldap module returns
NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to
fit into the supplied buffer.
In <https://sourceware.org/ml/libc-alpha/2014-01/msg00196.html> I
noted it was necessary to add includes of Makeconfig early in various
subdirectory makefiles for the tests-special variable settings added
by that patch to be conditional on configuration information. No-one
commented on the general question there of whether Makeconfig should
always be included immediately after the definition of subdir.
This patch implements that early inclusion of Makeconfig in each
directory (which is a lot easier than consistent placement of includes
of Rules). Includes are added if needed, or moved up if already
present. Subdirectory "all:" targets are removed, since Makeconfig
provides one.
There is potential for further cleanups I haven't done. Rules and
Makerules have code such as
ifneq "$(findstring env,$(origin headers))" ""
headers :=
endif
to override to empty any value of various variables that came from the
environment. I think there is a case for Makeconfig setting all the
subdirectory variables (other than subdir) to empty to ensure no
outside value is going to take effect if a subdirectory fails to
define a variable. (A list of such variables, possibly out of date
and incomplete, is in manual/maint.texi.) Rules and Makerules would
give errors if Makeconfig hadn't already been included, instead of
including it themselves. The special code to override values coming
from the environment would then be obsolete and could be removed.
Tested x86_64, including that installed binaries are identical before
and after the patch.
* argp/Makefile: Include Makeconfig immediately after defining
subdir.
* assert/Makefile: Likewise.
* benchtests/Makefile: Likewise.
* catgets/Makefile: Likewise.
* conform/Makefile: Likewise.
* crypt/Makefile: Likewise.
* csu/Makefile: Likewise.
(all): Remove target.
* ctype/Makefile: Include Makeconfig immediately after defining
subdir.
* debug/Makefile: Likewise.
* dirent/Makefile: Likewise.
* dlfcn/Makefile: Likewise.
* gmon/Makefile: Likewise.
* gnulib/Makefile: Likewise.
* grp/Makefile: Likewise.
* gshadow/Makefile: Likewise.
* hesiod/Makefile: Likewise.
* hurd/Makefile: Likewise.
(all): Remove target.
* iconvdata/Makefile: Include Makeconfig immediately after
defining subdir.
* inet/Makefile: Likewise.
* intl/Makefile: Likewise.
* io/Makefile: Likewise.
* libio/Makefile: Likewise.
(all): Remove target.
* locale/Makefile: Include Makeconfig immediately after defining
subdir.
* login/Makefile: Likewise.
* mach/Makefile: Likewise.
(all): Remove target.
* malloc/Makefile: Include Makeconfig immediately after defining
subdir.
(all): Remove target.
* manual/Makefile: Include Makeconfig immediately after defining
subdir.
* math/Makefile: Likewise.
* misc/Makefile: Likewise.
* nis/Makefile: Likewise.
* nss/Makefile: Likewise.
* po/Makefile: Likewise.
(all): Remove target.
* posix/Makefile: Include Makeconfig immediately after defining
subdir.
* pwd/Makefile: Likewise.
* resolv/Makefile: Likewise.
* resource/Makefile: Likewise.
* rt/Makefile: Likewise.
* setjmp/Makefile: Likewise.
* shadow/Makefile: Likewise.
* signal/Makefile: Likewise.
* socket/Makefile: Likewise.
* soft-fp/Makefile: Likewise.
* stdio-common/Makefile: Likewise.
* stdlib/Makefile: Likewise.
* streams/Makefile: Likewise.
* string/Makefile: Likewise.
* sunrpc/Makefile: Likewise.
(all): Remove target.
* sysvipc/Makefile: Include Makeconfig immediately after defining
subdir.
* termios/Makefile: Likewise.
* time/Makefile: Likewise.
* timezone/Makefile: Likewise.
(all): Remove target.
* wcsmbs/Makefile: Include Makeconfig immediately after defining
subdir.
* wctype/Makefile: Likewise.
libidn/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
localedata/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
(all): Remove target.
nptl/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
nptl_db/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
The netgroups file parsing code tries to access the character before
the newline in parsed lines to see if it is a backslash (\). This
results in an access before the block allocated for the line if the
line is blank, i.e. does not have anything other than the newline
character. This doesn't seem like it will cause any crashes because
the byte belongs to the malloc metadata block and hence access to it
will always succeed.
There could be an invalid alteration in code flow where a blank line
is seen as a continuation due to the preceding byte *happening* to be
'\\'. This could be done by interposing malloc, but that's not really
a security problem since one could interpose getnetgrent_r itself and
achieve a similar 'exploit'.
The possibility of actually exploiting this is remote to impossible
since it also requires the previous line to end with a '\\', which
would happen only on invalid configurations.
AF_INET lookup in hosts file uses _nss_files_gethostbyname2_r, which
is not capable of returning a canonical name if it has found one.
This change adds _nss_files_gethostbyname3_r, which wraps around
_nss_files_gethostbyname2_r and then returns result.h_name as the
canonical name.
Currently for AF_INET lookups from the hosts file, buffer sizes larger
than INT_MAX silently overflow and may result in access beyond bounds
of a buffer. This happens when the number of results in an AF_INET
lookup in /etc/hosts are very large.
There are two aspects to the problem. One problem is that the size
computed from the buffer size is stored into an int, which results in
overflow for large sizes. Additionally, even if this size was
expanded, the function used to read content into the buffer (fgets)
accepts only int sizes. As a result, the fix is to have a function
wrap around fgets that calls it multiple times with int sizes if
necessary.
Fixes BZ #15339.
NSS_STATUS_UNAVAIL may mean that a necessary input resource is not
available. This could occur in a number of cases including when the
network is down, system runs out of file descriptors, etc. The
correct differentiator in such a case is the h_errno, which gives the
nature of failure. In case of failures other than a simple 'not
found', we set h_errno as NETDB_INTERNAL and let errno be the
identifier for the exact error.
These prototypes are duplicated in many places. Add a dedicated
header for holding prototypes for program-specific functions to
avoid that.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
When glibc is built with --enable-static-nss, the warning that
using NSS symbols requires the nss shared objects to be present
is no longer true, as those symbols are built into libc. Suppress
the warning for those symbols by providing a new macro
(nss_interface_function) for the NSS functions that is defined as
static_link_warning in the normal case, and empty for static NSS.
limit
[BZ #14307]
* sysdeps/posix/getaddrinfo.c (gaih_inet): Increase the size of
the temporary buffer used to invoke __gethostbyname2_r,
__gethostbyaddr_r and gethostbyname4_r to make room for struct
host_data / struct gaih_addrtuple.
* resolv/nss_dns/dns-host.c (global scope): Move definition of
implementation constants MAX_NR_ALIASES and MAX_NR_ADDRS to
header file nss/nsswitch.h.
* nss/nsswitch.h (global scope): Add definition of implementation
constants MAX_NR_ALIASES and MAX_NR_ADDRS (moved from
resolv/nss_dns/dns-host.c).
Compiling on Linux/i586 I get these warnings:
nss_db/db-initgroups.c:60:3: warning: implicit declaration of function
'strlen' [-Wimplicit-function-declaration]
nss_db/db-initgroups.c:74:7: warning: implicit declaration of function
'strncmp' [-Wimplicit-function-declaration]
Fixed with inclusion of <string.h>
nscd can clear caches when certain files change. The list of files
was hardcoded so far and worked for nss_files and nss_dns and those
modules which need no monitoring. nss_db, for instance, has its
own set of files to monitor. Now the NSS modules themselves can
request that certain files are monitored.
No longer is Berkeley db used. Instead a simple hash function is used.
The database files are not updated once they are created and therefore
no complicated database is needed.
Together with a previous patch which introduced the initgroups
entry in nsswitch.conf this patch allows more customization of
the lookups for initgroups/getgrouplist. Nothing changes if
the groups entry in nsswitch.conf is used. If the initgroups entry
is used instead the code now doesn't automatically continue looking
for more entries aftedr a successful lookup. Instead the normal
rules are followed which do specify that by default no more
service is consulted. This can be overwritten with
[SUCCESS=continue]
appropriately placed in the line.
I changed the files NSS backend for networks because I thought the
getent use of getnetbyaddr is correct. But it isn't. Undo parts
of the last change and fix getent.
There were two problems in the getnetbyaddr implementation. The type
argument is pretty much useless since (almost) no input file contains
this information and the NSS backends make up the value they fill in
for the n_addrtype field. Therefore we now declare that passing AF_UNSPEC
is always recognized. Secondly, the files backend didn't compare the network
numbers with the correct endianess.
Also change getent to take advantage of the type parameter change.
* elf/ldd.bash.in: Likewise.
* elf/sprof.c: Likewise.
* locale/programs/locale.c: Likewise.
* malloc/memusage.sh: Likewise.
* nss/getent.c: Likewise.
2009-02-06 Joseph Myers <joseph@codesourcery.com>
* debug/pcprofiledump.c (print_version,
argp_program_version_hook): New function.
* elf/ldconfig.c (more_help): New function.
(argp): Use it.
* elf/sln.c (usage): New function.
(main): Support --help and --version.
* malloc/memusagestat.c (print_version): New function.
(argp_program_version_hook): New variable.
* nscd/nscd.c (more_help): New function.
(argp): Use it.
* posix/getconf.c (main): Send --version output to stdout.
Support --help.
* sunrpc/rpc_main.c (usage, options_usage): Take STREAM and STATUS
arguments. All callers changed.
(print_version): New function.
(parseargs): Support --help and --version.
* sunrpc/rpcinfo.c (usage): Take STREAM argument. All callers
changed.
(print_version): New function.
(main): Use getopt_long. Support --help and --version.
* sysdeps/unix/sysv/linux/lddlibc4.c (main): Support --help and
--version.
2009-02-06 Ulrich Drepper <drepper@redhat.com>
prototypes.
* include/arpa/nameser_compat.h: Define T_UNSPEC.
* nis/Versions (libnss_nis): Export _nss_nis_gethostbyname4_r.
(libnss_nisplus): Export _nss_nisplus_gethostbyname4_r.
* nis/nss_nis/nis-hosts.c (LINE_PARSER): Change to also handle
af==AF_UNSPEC.
(_nss_nis_gethostbyname4_r): New function.
* nis/nss_nisplus/nisplus-hosts.c (_nss_nisplus_parse_hostent):
Change to also handle af==AF_UNSPEC.
(get_tablename): New function. Use it to avoid duplication.
(_nss_nisplus_gethostbyname4_r): New function.
* nscd/aicache.c (addhstaiX): Use gethostbyname4_r function is
available.
* nss/Versions (libnss_files): Export _nss_files_gethostbyname4_r.
* nss/nss.h: Define struct gaih_addrtuple.
* nss/nss_files/files-hosts.c (LINE_PARSER): Change to also handle
af==AF_UNSPEC.
(_nss_files_gethostbyname4_r): New function.
* resolv/Versions (libnss_dns): Export _nss_dns_gethostbyname4_r.
* resolv/gethnmaddr.c: Adjust __libc_res_nsearch and __libc_res_nquery
calls.
* resolv/res_query.c (__libc_res_nquery): Take two additional
parameters for second answer buffer. Handle type=T_UNSPEC to mean
look up IPv4 and IPv6.
Change all callers.
* resolv/res_send.c (__libc_res_nsend): Take five aditional parameters
for an additional query and answer buffer. Pass to send_vc and
send_dg.
(send_vc): Send possibly two requests and receive two answers.
(send_dg): Likewise.
* resolv/nss_dns/dns-host.c: Adjust calls to __libc_res_nsearch and
__libc_res_nquery.
(_nss_dns_gethostbyname4_r): New function.
(gaih_getanswer_slice): Likewise.
(gaih_getanswer): Likewise.
* resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Adjust
__libc_res_nquery call.
* resolv/nss_dns/dns-network.c (_nss_dns_getnetbyaddr_r): Likewise.
(_nss_dns_getnetbyname_r): Adjust __libc_res_nsearch call.
* sysdeps/posix/getaddrinfo.c: Use gethostbyname4_r function is
available.
call.
(__nisfind_server): Similar for open readColdStartFile call.
Patch partially by Jim Meyering.
* nss/nss_files/files-XXX.c (_nss_files_getXXent_r): Save errno
around internal_setent call.
gethstbynm3_r.
* nscd/gethstbynm2_r.c: Remove.
* nscd/gethstbynm3_r.c: New file.
* nscd/aicache.c (addhstaiX): Use __gethostbyaddr2_r instead of
__gethostbyaddr_r.
* nscd/gethstbyad_r.c: Generate __gethostbyaddr2_r function. Define
__gethostbyaddr_r compatibility wrapper.
* nscd/hstcache.c (cache_addhst): Add ttl parameter. Use it when
determining timeout of entry.
(lookup): Take new parameter and pass it to __gethostbyname3_r and
__gethostbyaddr2_r.
(addhstbyX): Pass reference to variable for TTL to lookup and
cache_addhst.
* nss/Versions [glibc] (GLIBC_PRIVATE): Export __nss_passwd_lookup2,
__nss_group_lookup2, __nss_hosts_lookup2, __nss_services_lookup2,
and __nss_next2. Remove __nss_services_lookup.
* nss/XXX-lookup.c: Name function now *_lookup2. Add new parameter.
Add compat wrapper.
* nss/getXXbyYY_r.c: Changes to call new *_lookup2 functions and
__nss_next2.
* nss/getXXent_r.c: Likewise.
* nss/getnssent_r.c: Likewise.
* nss/nsswitch.c (__nss_lookup): Add new parameter. If first function
does not exist in module, try the optional second name.
(__nss_next2): New function.
(__nss_next): Now wrapper around __nss_next2.
* nss/nsswitch.h: Adjust __nss_lookup prototype.
Declare __nss_next2.
Adjust definition of db_lookup_function type.
* nss/service-lookup.c: Define NO_COMPAT.
* include/netdb.h: Declare __gethostbyaddr2_r and __gethostbyname3_r.
* inet/ether_hton.c: Use __nss_next2 instead of __nss_next.
* inet/ether_ntoh.c: Likewise.
* sunrpc/netname.c: Likewise.
* sunrpc/publickey.c: Likewise.
* inet/getnetgrent.c: Likewise. Adjust calls to __nss_lookup.
* inet/gethstbyad_r.c (DB_LOOKUP_FCT): Change to __nss_hosts_lookup2.
* inet/gethstbynm2_r.c (DB_LOOKUP_FCT): Likewise.
* inet/gethstbynm_r.c (DB_LOOKUP_FCT): Likewise.
* inet/gethstent_r.c (DB_LOOKUP_FCT): Likewise.
* nscd/aicache.c (addhstaiX): Fix default TTL handling.
* inet/getnetgrent.c (setup): Encrypt static pointer.
void **.
* nss/nsswitch.h (service_user): Use void * type for KNOWN field.
* nss/nss_files/files-hosts.c (LINE_PARSER): Cast host_addr to
char * to avoid warning.
* nis/nss_nis/nis-hosts.c (LINE_PARSER): Likewise.
* timezone/Makefile (CFLAGS-zdump.c): Add -fwrapv.
* locale/programs/ld-ctype.c (ctype_finish, set_class_defaults,
allocate_arrays): Cast second argument to charmap_find_symbol
to char * to avoid warnings.
* locale/programs/repertoire.c (repertoire_new_char): Change
from_nr, to_nr and cnt to unsigned long, adjust printf format
string.
* locale/programs/ld-collate.c (insert_value, handle_ellipsis):
Cast second argument to new_element to char * to avoid warnings.
* locale/weightwc.h (findidx): Cast &extra[-i] to const int32_t *.
* intl/gettextP.h (struct loaded_domain): Change plural to const
struct expression *.
* intl/plural-eval.c (plural_eval): Change first argument to
const struct expression *.
* intl/plural-exp.c (EXTRACT_PLURAL_EXPRESSION): Change first
argument to const struct expression **.
* intl/plural-exp.h (EXTRACT_PLURAL_EXPRESSION, plural_eval): Adjust
prototypes.
* intl/loadmsgcat (_nl_unload_domain): Cast away const
in call to __gettext_free_exp.
* posix/fnmatch.c (fnmatch): Rearrange code to avoid maybe
unitialized wstring/wpattern var warnings.
* posix/runtests.c (struct a_test): Make data field const char *.
* stdio-common/tst-sprintf2.c (main): Don't declere u, v and buf
vars if not LDBL_MANT_DIG >= 106.
* stdio-common/Makefile (CFLAGS-vfwprintf.c): Add -Wno-unitialized.
* stdio-common/vfprintf.c (vfprintf): Cast first arugment to
__find_specmb to avoid warning.
* rt/tst-mqueue1.c (do_one_test): Add casts to avoid warnings.
* debug/test-strcpy_chk.c (do_tests, do_random_tests): Add casts
to avoid warnings.
* sysdeps/ieee754/ldbl-96/s_roundl.c (huge): Add L suffix to
initializer.
* sysdeps/unix/clock_gettime.c (clock_gettime): Only define
tv var when it will be actually used.
* sunrpc/rpc_cmsg.c (xdr_callmsg): Cast IXDR_PUT_* to void
to avoid warnings.
was allocated here. [Coverity CID 219]
* posix/getconf.c (print_all): Free confstr data after printing.
[Coverity CID 218]
* sysdeps/posix/getaddrinfo.c (gaih_inet): Free canon string if
list allocation fails. [Coverity CID 215]
* nss/nsswitch.c (__nss_configure_lookup): Fix loop end condition.
[Coverity CID 213]
* argp/argp-help.c (hol_entry_cmp): Don't call canon_doc_option if
string is NULL. [Coverity CID 212]
* argp/Makefile: Add rules to build and run bug-argp1.
* argp/bug-argp1.c: New file.
* io/ftw.c (ftw_dir): Use __rawmemchr instead of strchr to find
end of string.
* stdlib/canonicalize.c (__realpath): Likewise.
* locale/programs/ld-time.c (time_finish): Don't dereference NULL
pointer. [Coverity CID 206]
* elf/dl-dst.h (DL_DST_REQUIRED): Be prepared for missing link map
in statically linked code.
* elf/dl-load.c (_dl_dst_substitute): When replacing ORIGIN in
statically built code, be prepared to have no link map.
[Coverity CID 205]
* argp/argp-help.c (fill_in_uparams): Handle STATE==NULL in
dgettext calls. [Coverity CID 204]
* argp/argp-help.c (struct uparams): Remove valid member. Change
the one user.
(uparam_names): Reduce size. Avoid relative relocations.
Moved to read-only segment.
(fill_in_uparams): Update for new layout.
* sysdeps/unix/sysv/linux/ifaddrs.c (getifaddrs): Parameter can be
assumed to always be != NULL. [Coverity CID 202]
* argp/argp-help.c (hol_entry_help): Remove some dead code
[Coverity CID 200].
* nis/nss_nis/nis-service.c (_nss_nis_getservbyport_r): Optimize
away a few more unconditional yperr2nss calls.
(_nss_nis_getservbyname_r): Likewise.
invalid length [Coverity CID 106].
* nss/nss_files/files-key.c (search): Close stream before
successful return [Coverity CID 107].
* io/fts.c (fts_open): Don't allocate parent if *argv==NULL
[Coverity CID 108].
* sunrpc/rpc_cout.c (inline_struct): Free sizestr after use
[Coverity CID 110, 109].
* sunrpc/rpc_scan.c (docppline): Free file string if it is not
going to be used [Coverity CID 111].
* sysdeps/unix/sysv/linux/getsourcefilter.c (getsourcefilter): Free
memory if socket level value cannot be retrieved [Coverity CID 112].
* nis/nis_clone_dir.c (nis_clone_directory): Free all memory in
error case [Coverity CID 114].
* nis/nis_clone_res.c (nis_clone_result): Free all memory in the
error cases [Coverity CID 115].
* sunrpc/rpc_parse.c (get_definition): Free defp if tok ==
TOK_EOF [Coverity CID 116].
* sysdeps/unix/sysv/linux/setsourcefilter.c (setsourcefilter): Free
memory if socket level value cannot be retrieved [Coverity CID 117].
* elf/cache.c (save_cache): Initialize pad to avoid writing
uninitialized data to disk.
* elf/cache.c (save_cache): Free file_entries_new [Coverity CID 118].
* intl/finddomain.c (_nl_find_domain): Avoid strdup of expand
locale name, use strdupa. Remove free call [Coverity CID 119].
* sunrpc/rpc_main.c (generate_guard): Avoid extra allocation and
the resulting leak [Coverity CID 121].
* sunrpc/rpc_main.c (mkfile_output): Free all allocated memory
[Coverity CID 122].
* sunrpc/rpc_main.c (h_output): Free guard after we are done
[Coverity CID 123].
* sunrpc/svc_udp.c (cache_set): Free victim if newbuf allocation
fails [Coverity CID 126].
* sunrpc/svc_udp.c (svcudp_enablecache): Free memory in error
cases [Coverity CID 127].
* nis/nis_table.c (__create_ib_request): Free ibreq in case strdup
fails [Coverity CID 128].
* nis/nis_getservlist.c (nis_getservlist): Free all memory in case
of an error [Coverity CID 130, 129].
* nis/nis_print_group_entry.c (nis_print_group_entry): If
nis_lookup call failed, return. Free lookup result in error
cases [Coverity CID 131].
* nis/nis_removemember.c (nis_removemember): Free all memory in
error cases [Coverity CID 132].
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Always free lookup result [Coverity CID 134].
* nis/nss_nisplus/nisplus-ethers.c (_nss_nisplus_gethostton_r):
Always free lookup result [Coverity CID 135].
* nis/nss_nisplus/nisplus-ethers.c (_nss_nisplus_getntohost_r):
Always free lookup result [Coverity CID 136].
* nis/nss_nisplus/nisplus-network.c (_nss_nisplus_getnetbyaddr_r):
Before retrying, free old result [Coverity CID 137].
* nis/nss_nisplus/nisplus-publickey.c (_nss_nisplus_netname2user):
Free res in case UID is zero [Coverity CID 138].
* nis/ypclnt.c (yp_update): Always free master string
[Coverity CID 140].
* nis/nis_creategroup.c (nis_creategroup): Free all memory in
error cases [Coverity CID 143, 142, 141].
* nis/nss_nis/nis-publickey.c (_nss_nis_getpublickey): Free result
if yp_match call succeeded [Coverity CID 155].
* nis/nss_nis/nis-publickey.c (_nss_nis_getsecretkey): Free string
allocated in yp_match at all times [Coverity CID 157, 156].
* nscd/nscd.c (write_pid): Close stream also if writing failed
[Coverity CID 165].
* nis/nis_table.c (nis_add_entry): Move test for NULL parameter
ahead of first use [Coverity CID 167].
* nis/nss_nis/nis-alias.c (_nss_nis_getaliasbyname_r): Move test
for NULL parameter ahead of first use [Coverity CID 168].
* intl/finddomain.c (_nl_find_domain): We never return NULL if we
found the locale [Coverity CID 169].
* inet/getnameinfo.c (getnameinfo): __getservbyport_r does not set
herrno [Coverity CID 178].
* nis/nis_checkpoint.c (nis_checkpoint): Don't access and returned
freed object [Coverity CID 182].
