From: DJ Delorie <dj@redhat.com>
To: Andreas Schwab <schwab@suse.de>
Cc: fweimer@redhat.com, carlos@redhat.com, libc-alpha@sourceware.org
Subject: [PATCHv7] nss_db: protect against empty mappings
Date: Tue, 25 Jun 2019 17:29:21 -0400
Message-ID: <xnd0j1uzf2.fsf@greed.delorie.com>
In-Reply-To: <mvm1rzixfm0.fsf@suse.de> (message from Andreas Schwab on Tue, 25 Jun 2019 09:56:39 +0200)

Andreas Schwab <schwab@suse.de> writes:
> That comment does not quite say that. It should say that it's a symbol
> reference to the library (not a functional dependency).

I added a big comment to both of those explaining what the files were
for.

nss_db allows for getpwent et al to be called without a set*ent,
but it only works once. After the last get*ent a set*ent is
required to restart, because the end*ent did not properly reset
the module. Resetting it to NULL allows for a proper restart.

If the database doesn't exist, however, end*ent erroneously called
munmap which set errno.

The test case runs "makedb" inside the testroot, so needs selinux
DSOs installed.

2019-06-25  DJ Delorie  <dj@redhat.com>
	    Sergei Trofimovich  <slyfox@inbox.ru>

	[BZ #24696]
	[BZ #24695]
	* nss/nss_db/db-open.c (internal_endent): Protect against NULL
	mappings.
	* nss/tst-nss-db-endgrent.c: New.
	* nss/tst-nss-db-endgrent.root: New.
	* nss/tst-nss-db-endpwent.c: New.
	* nss/tst-nss-db-endpwent.root: New.
	* nss/Makefile: Add new tests.
	* support/links-dso-program-c.c: Add selinux dependency.
	* support/links-dso-program.cc: Add selinux dependency.
	* support/Makefile: Build those with -lselinux if enabled.

diff --git a/nss/Makefile b/nss/Makefile
index 95081bddc5..a15c3b7d90 100644
--- a/nss/Makefile
+++ b/nss/Makefile
@@ -61,7 +61,9 @@ xtests = bug-erange
tests-container = \
tst-nss-test3 \
- tst-nss-files-hosts-long
+ tst-nss-files-hosts-long \
+ tst-nss-db-endpwent \
+ tst-nss-db-endgrent
# Tests which need libdl
ifeq (yes,$(build-shared))
diff --git a/nss/nss_db/db-open.c b/nss/nss_db/db-open.c
index 8a83d6b930..3fa11e9ab0 100644
--- a/nss/nss_db/db-open.c
+++ b/nss/nss_db/db-open.c
@@ -63,5 +63,9 @@ internal_setent (const char *file, struct nss_db_map *mapping)
void
internal_endent (struct nss_db_map *mapping)
{
- munmap (mapping->header, mapping->len);
+ if (mapping->header != NULL)
+ {
+ munmap (mapping->header, mapping->len);
+ mapping->header = NULL;
+ }
}
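Review bot: The new guard in internal_endent only helps if mapping->header is reliably NULL whenever no database was mapped. mmap reports failure as MAP_FAILED rather than NULL, so it is worth confirming that internal_setent (not shown in this hunk) never leaves MAP_FAILED or a stale pointer in header on its error paths; otherwise munmap is still reached with a bad address. Also consider clearing mapping->len alongside `mapping->header = NULL;` so the struct holds no stale length after teardown, and add a short comment saying that the NULL reset is what lets a later get*ent re-initialize the module.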
diff --git a/nss/tst-nss-db-endgrent.c b/nss/tst-nss-db-endgrent.c
new file mode 100644
index 0000000000..367cc6c901
--- /dev/null
+++ b/nss/tst-nss-db-endgrent.c
@@ -0,0 +1,54 @@
+/* Test for endgrent changing errno for BZ #24696
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <support/check.h>
+#include <support/support.h>
+
+/* The following test verifies that if the db NSS Service is initialized
+ with no database (getgrent), that a subsequent closure (endgrent) does
+ not set errno. In the case of the db service it is not an error to close
+ the service and so it should not set errno. */
+
+static int
+do_test (void)
+{
+ /* Just make sure it's not there, although usually it won't be. */
+ unlink ("/var/db/group.db");
+
+ /* This, in conjunction with the testroot's nsswitch.conf, causes
+ the nss_db module to be "connected" and initialized - but the
+ testroot has no group.db, so no mapping will be created. */
+ getgrent ();
+
+ errno = 0;
+
+ /* Before the fix, this would call munmap (NULL) and set errno. */
+ endgrent ();
+
+ if (errno != 0)
+ FAIL_EXIT1 ("endgrent set errno to %d\n", errno);
+
+ return 0;
+}
+#include <support/test-driver.c>
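Review bot: In do_test the result of `unlink ("/var/db/group.db")` is ignored, so if the removal fails for any reason other than the file being absent, the database still exists and the errno check after endgrent passes without exercising the no-mapping path. Suggest accepting only success or ENOENT there, or asserting afterwards that the file is absent. The return value of getgrent is discarded as well; since the testroot's nsswitch.conf lists db and then files, a brief comment on what result is expected would make the precondition clearer.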
diff --git a/nss/tst-nss-db-endgrent.root/etc/nsswitch.conf b/nss/tst-nss-db-endgrent.root/etc/nsswitch.conf
new file mode 100644
index 0000000000..21471df94f
--- /dev/null
+++ b/nss/tst-nss-db-endgrent.root/etc/nsswitch.conf
@@ -0,0 +1 @@
+group : db files
diff --git a/nss/tst-nss-db-endpwent.c b/nss/tst-nss-db-endpwent.c
new file mode 100644
index 0000000000..0a8b3184b0
--- /dev/null
+++ b/nss/tst-nss-db-endpwent.c
@@ -0,0 +1,70 @@
+/* Test for endpwent->getpwent crash for BZ #24695
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+
+#include <support/support.h>
+#include <support/check.h>
+
+/* It is entirely allowed to start with a getpwent call without
+ resetting the state of the service via a call to setpwent.
+ You can also call getpwent more times than you have entries in
+ the service, and it should not fail. This test iteratates the
+ database once, gets to the end, and then attempts a second
+ iteration to look for crashes. */
+
+static void
+try_it (void)
+{
+ struct passwd *pw;
+
+ /* setpwent is intentionally omitted here. The first call to
+ getpwent detects that it's first and initializes. The second
+ time try_it is called, this "first call" was not detected before
+ the fix, and getpwent would crash. */
+
+ while ((pw = getpwent ()) != NULL)
+ ;
+
+ /* We only care if this segfaults or not. */
+ endpwent ();
+}
+
+static int
+do_test (void)
+{
+ char *cmd;
+ const char *rest;
+
+ rest = "/makedb -o /var/db/passwd.db /var/db/passwd.in";
+ cmd = (char *) xmalloc (strlen (support_bindir_prefix)
+ + strlen (rest) + 1);
+ strcpy (cmd, support_bindir_prefix);
+ strcat (cmd, rest);
+
+ system (cmd);
+
+ try_it ();
+ try_it ();
+
+ return 0;
+}
+#include <support/test-driver.c>
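Review bot: In do_test the return value of `system (cmd)` is not checked. If makedb fails to run inside the testroot (the commit message notes it needs the selinux DSOs), no passwd.db is produced and both try_it calls can return without ever iterating a mapped database, so the test passes without covering the crash. Suggest failing the test when system returns nonzero, and having the first try_it confirm that at least one entry was returned. Minor: cmd is never freed, and "iteratates" in the block comment should read "iterates".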
diff --git a/nss/tst-nss-db-endpwent.root/etc/nsswitch.conf b/nss/tst-nss-db-endpwent.root/etc/nsswitch.conf
new file mode 100644
index 0000000000..593ffc564a
--- /dev/null
+++ b/nss/tst-nss-db-endpwent.root/etc/nsswitch.conf
@@ -0,0 +1 @@
+passwd: db
diff --git a/nss/tst-nss-db-endpwent.root/var/db/passwd.in b/nss/tst-nss-db-endpwent.root/var/db/passwd.in
new file mode 100644
index 0000000000..98f39126ef
--- /dev/null
+++ b/nss/tst-nss-db-endpwent.root/var/db/passwd.in
@@ -0,0 +1,4 @@
+.root root:x:0:0:root:/root:/bin/bash
+=0 root:x:0:0:root:/root:/bin/bash
+.bin bin:x:1:1:bin:/bin:/sbin/nologin
+=1 bin:x:1:1:bin:/bin:/sbin/nologin
diff --git a/support/Makefile b/support/Makefile
index 56c1ed43bb..ab66913a02 100644
--- a/support/Makefile
+++ b/support/Makefile
@@ -191,6 +191,11 @@ LINKS_DSO_PROGRAM = links-dso-program
LDLIBS-links-dso-program = -lstdc++ -lgcc -lgcc_s $(libunwind)
endif
+ifeq (yes,$(have-selinux))
+LDLIBS-$(LINKS_DSO_PROGRAM) += -lselinux
+endif
+
+
LDLIBS-test-container = $(libsupport)
others += test-container
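Review bot: Style point on the added block: two blank `+` lines follow `endif`, where a single one would do. On the logic side, `LDLIBS-$(LINKS_DSO_PROGRAM) += -lselinux` is conditional on have-selinux while the two links-dso-program sources test HAVE_SELINUX; a one-line comment tying the two conditions together would make it clear they must stay in sync.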
diff --git a/support/links-dso-program-c.c b/support/links-dso-program-c.c
index d28a28a0d0..5fcbab2c17 100644
--- a/support/links-dso-program-c.c
+++ b/support/links-dso-program-c.c
@@ -1,9 +1,26 @@
#include <stdio.h>
+/* makedb needs selinux dso's. */
+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+#endif
+
+/* The purpose of this file is to indicate to the build system which
+ shared objects need to be copied into the testroot, such as gcc or
+ selinux support libraries. This program is never executed, only
+ scanned for dependencies on shared objects, so the code below may
+ seem weird - it's written to survive gcc optimization and force
+ such dependencies.
+*/
+
int
main (int argc, char **argv)
{
/* Complexity to keep gcc from optimizing this away. */
printf ("This is a test %s.\n", argc > 1 ? argv[1] : "null");
+#ifdef HAVE_SELINUX
+ /* This exists to force libselinux.so to be required. */
+ printf ("selinux %d\n", is_selinux_enabled ());
+#endif
return 0;
}
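Review bot: The `#ifdef HAVE_SELINUX` blocks depend on that macro being defined for this translation unit, but the file as shown includes only <stdio.h> and the support/Makefile hunk adds only -lselinux. Please confirm where HAVE_SELINUX comes from for this build; if it is undefined, the is_selinux_enabled call is compiled out with no build failure to signal it, and the reference this file exists to create is lost. Style: the closing `*/` of the new block comment sits on its own line, and the short "makedb needs selinux dso's" comment is separated from the longer explanation that gives it context; merging the two would read better.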
diff --git a/support/links-dso-program.cc b/support/links-dso-program.cc
index dba6976c06..4bc2411086 100644
--- a/support/links-dso-program.cc
+++ b/support/links-dso-program.cc
@@ -1,11 +1,28 @@
#include <iostream>
+/* makedb needs selinux dso's. */
+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+#endif
+
using namespace std;
+/* The purpose of this file is to indicate to the build system which
+ shared objects need to be copied into the testroot, such as gcc or
+ selinux support libraries. This program is never executed, only
+ scanned for dependencies on shared objects, so the code below may
+ seem weird - it's written to survive gcc optimization and force
+ such dependencies.
+*/
+
int
main (int argc, char **argv)
{
/* Complexity to keep gcc from optimizing this away. */
cout << (argc > 1 ? argv[1] : "null");
+#ifdef HAVE_SELINUX
+ /* This exists to force libselinux.so to be required. */
+ cout << "selinux " << is_selinux_enabled ();
+#endif
return 0;
}
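Review bot: In main the added `cout << "selinux " << is_selinux_enabled ();` runs straight on from the previous cout with no separator or newline, unlike the C variant, which prints "selinux %d\n". The new comment says the program is never executed, so this is cosmetic, but keeping the two files parallel makes them easier to maintain; the block comment is also placed after `using namespace std;` here rather than directly after the includes. Also confirm that HAVE_SELINUX is defined when this file is compiled, since nothing visible in the hunk defines it.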