mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-23 01:33:36 +08:00
nss_db allows for getpwent et al to be called without a set*ent, but it only works once. After the last get*ent a set*ent is required to restart, because the end*ent did not properly reset the module. Resetting it to NULL allows for a proper restart. If the database doesn't exist, however, end*ent erroniously called munmap which set errno. The test case runs "makedb" inside the testroot, so needs selinux DSOs installed.
This commit is contained in:
parent
30ba037546
commit
99135114ba
16
ChangeLog
16
ChangeLog
@ -1,3 +1,19 @@
|
||||
2019-07-10 DJ Delorie <dj@redhat.com>
|
||||
Sergei Trofimovich <slyfox@inbox.ru>
|
||||
|
||||
[BZ #24696]
|
||||
[BZ #24695]
|
||||
* nss/nss_db/db-open.c (internal_endent): Protect against NULL
|
||||
mappings.
|
||||
* nss/tst-nss-db-endgrent.c: New.
|
||||
* nss/tst-nss-db-endgrent.root: New.
|
||||
* nss/tst-nss-db-endpwent.c: New.
|
||||
* nss/tst-nss-db-endpwent.root: New.
|
||||
* nss/Makefile: Add new tests.
|
||||
* support/links-dso-program-c.c: Add selinux dependency.
|
||||
* support/links-dso-program.cc: Add selinux dependency.
|
||||
* support/Makefile: Build those with -lselinux if enabled.
|
||||
|
||||
2019-07-10 Szabolcs Nagy <szabolcs.nagy@arm.com>
|
||||
|
||||
* sysdeps/aarch64/dl-machine.h (elf_machine_runtime_setup): Remove the
|
||||
|
@ -61,7 +61,9 @@ xtests = bug-erange
|
||||
|
||||
tests-container = \
|
||||
tst-nss-test3 \
|
||||
tst-nss-files-hosts-long
|
||||
tst-nss-files-hosts-long \
|
||||
tst-nss-db-endpwent \
|
||||
tst-nss-db-endgrent
|
||||
|
||||
# Tests which need libdl
|
||||
ifeq (yes,$(build-shared))
|
||||
|
@ -63,5 +63,9 @@ internal_setent (const char *file, struct nss_db_map *mapping)
|
||||
void
|
||||
internal_endent (struct nss_db_map *mapping)
|
||||
{
|
||||
munmap (mapping->header, mapping->len);
|
||||
if (mapping->header != NULL)
|
||||
{
|
||||
munmap (mapping->header, mapping->len);
|
||||
mapping->header = NULL;
|
||||
}
|
||||
}
|
||||
|
54
nss/tst-nss-db-endgrent.c
Normal file
54
nss/tst-nss-db-endgrent.c
Normal file
@ -0,0 +1,54 @@
|
||||
/* Test for endgrent changing errno for BZ #24696
|
||||
Copyright (C) 2019 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<http://www.gnu.org/licenses/>. */
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
#include <grp.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
|
||||
#include <support/check.h>
|
||||
#include <support/support.h>
|
||||
|
||||
/* The following test verifies that if the db NSS Service is initialized
|
||||
with no database (getgrent), that a subsequent closure (endgrent) does
|
||||
not set errno. In the case of the db service it is not an error to close
|
||||
the service and so it should not set errno. */
|
||||
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
/* Just make sure it's not there, although usually it won't be. */
|
||||
unlink ("/var/db/group.db");
|
||||
|
||||
/* This, in conjunction with the testroot's nsswitch.conf, causes
|
||||
the nss_db module to be "connected" and initialized - but the
|
||||
testroot has no group.db, so no mapping will be created. */
|
||||
getgrent ();
|
||||
|
||||
errno = 0;
|
||||
|
||||
/* Before the fix, this would call munmap (NULL) and set errno. */
|
||||
endgrent ();
|
||||
|
||||
if (errno != 0)
|
||||
FAIL_EXIT1 ("endgrent set errno to %d\n", errno);
|
||||
|
||||
return 0;
|
||||
}
|
||||
#include <support/test-driver.c>
|
1
nss/tst-nss-db-endgrent.root/etc/nsswitch.conf
Normal file
1
nss/tst-nss-db-endgrent.root/etc/nsswitch.conf
Normal file
@ -0,0 +1 @@
|
||||
group : db files
|
66
nss/tst-nss-db-endpwent.c
Normal file
66
nss/tst-nss-db-endpwent.c
Normal file
@ -0,0 +1,66 @@
|
||||
/* Test for endpwent->getpwent crash for BZ #24695
|
||||
Copyright (C) 2019 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<http://www.gnu.org/licenses/>. */
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <pwd.h>
|
||||
|
||||
#include <support/support.h>
|
||||
#include <support/check.h>
|
||||
|
||||
/* It is entirely allowed to start with a getpwent call without
|
||||
resetting the state of the service via a call to setpwent.
|
||||
You can also call getpwent more times than you have entries in
|
||||
the service, and it should not fail. This test iteratates the
|
||||
database once, gets to the end, and then attempts a second
|
||||
iteration to look for crashes. */
|
||||
|
||||
static void
|
||||
try_it (void)
|
||||
{
|
||||
struct passwd *pw;
|
||||
|
||||
/* setpwent is intentionally omitted here. The first call to
|
||||
getpwent detects that it's first and initializes. The second
|
||||
time try_it is called, this "first call" was not detected before
|
||||
the fix, and getpwent would crash. */
|
||||
|
||||
while ((pw = getpwent ()) != NULL)
|
||||
;
|
||||
|
||||
/* We only care if this segfaults or not. */
|
||||
endpwent ();
|
||||
}
|
||||
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
char *cmd;
|
||||
|
||||
cmd = xasprintf ("%s/makedb -o /var/db/passwd.db /var/db/passwd.in",
|
||||
support_bindir_prefix);
|
||||
system (cmd);
|
||||
free (cmd);
|
||||
|
||||
try_it ();
|
||||
try_it ();
|
||||
|
||||
return 0;
|
||||
}
|
||||
#include <support/test-driver.c>
|
1
nss/tst-nss-db-endpwent.root/etc/nsswitch.conf
Normal file
1
nss/tst-nss-db-endpwent.root/etc/nsswitch.conf
Normal file
@ -0,0 +1 @@
|
||||
passwd: db
|
4
nss/tst-nss-db-endpwent.root/var/db/passwd.in
Normal file
4
nss/tst-nss-db-endpwent.root/var/db/passwd.in
Normal file
@ -0,0 +1,4 @@
|
||||
.root root:x:0:0:root:/root:/bin/bash
|
||||
=0 root:x:0:0:root:/root:/bin/bash
|
||||
.bin bin:x:1:1:bin:/bin:/sbin/nologin
|
||||
=1 bin:x:1:1:bin:/bin:/sbin/nologin
|
@ -191,6 +191,11 @@ LINKS_DSO_PROGRAM = links-dso-program
|
||||
LDLIBS-links-dso-program = -lstdc++ -lgcc -lgcc_s $(libunwind)
|
||||
endif
|
||||
|
||||
ifeq (yes,$(have-selinux))
|
||||
LDLIBS-$(LINKS_DSO_PROGRAM) += -lselinux
|
||||
endif
|
||||
|
||||
|
||||
LDLIBS-test-container = $(libsupport)
|
||||
|
||||
others += test-container
|
||||
|
@ -1,9 +1,26 @@
|
||||
#include <stdio.h>
|
||||
|
||||
/* makedb needs selinux dso's. */
|
||||
#ifdef HAVE_SELINUX
|
||||
# include <selinux/selinux.h>
|
||||
#endif
|
||||
|
||||
/* The purpose of this file is to indicate to the build system which
|
||||
shared objects need to be copied into the testroot, such as gcc or
|
||||
selinux support libraries. This program is never executed, only
|
||||
scanned for dependencies on shared objects, so the code below may
|
||||
seem weird - it's written to survive gcc optimization and force
|
||||
such dependencies.
|
||||
*/
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
/* Complexity to keep gcc from optimizing this away. */
|
||||
printf ("This is a test %s.\n", argc > 1 ? argv[1] : "null");
|
||||
#ifdef HAVE_SELINUX
|
||||
/* This exists to force libselinux.so to be required. */
|
||||
printf ("selinux %d\n", is_selinux_enabled ());
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,11 +1,28 @@
|
||||
#include <iostream>
|
||||
|
||||
/* makedb needs selinux dso's. */
|
||||
#ifdef HAVE_SELINUX
|
||||
# include <selinux/selinux.h>
|
||||
#endif
|
||||
|
||||
using namespace std;
|
||||
|
||||
/* The purpose of this file is to indicate to the build system which
|
||||
shared objects need to be copied into the testroot, such as gcc or
|
||||
selinux support libraries. This program is never executed, only
|
||||
scanned for dependencies on shared objects, so the code below may
|
||||
seem weird - it's written to survive gcc optimization and force
|
||||
such dependencies.
|
||||
*/
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
/* Complexity to keep gcc from optimizing this away. */
|
||||
cout << (argc > 1 ? argv[1] : "null");
|
||||
#ifdef HAVE_SELINUX
|
||||
/* This exists to force libselinux.so to be required. */
|
||||
cout << "selinux " << is_selinux_enabled ();
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user