diff options
| author | Siddhesh Poyarekar <siddhesh@redhat.com> | 2014-03-27 07:15:22 +0530 |
|---|---|---|
| committer | Aurelien Jarno <aurelien@aurel32.net> | 2015-12-20 17:40:49 +0100 |
| commit | 2f3bd411aefa9747f17740e9ab06676d51241098 (patch) | |
| tree | fda2959f4046e991fd0e0cb834f5941619ad3f2e | |
| parent | 60f10f2326aa47c7f49b752c1730e084b2319aa7 (diff) | |
| download | glibc-2f3bd411aefa9747f17740e9ab06676d51241098.zip glibc-2f3bd411aefa9747f17740e9ab06676d51241098.tar.gz glibc-2f3bd411aefa9747f17740e9ab06676d51241098.tar.bz2 | |
Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758)
nscd works correctly when the request in innetgr is a wildcard,
i.e. when one or more of host, user or domain parameters is NULL.
However, it does not work when the the triplet in the netgroup
definition has a wildcard. This is easy to reproduce for a triplet
defined as follows:
foonet (,foo,)
Here, an innetgr call that looks like this:
innetgr ("foonet", "foohost", "foo", NULL);
should succeed and so should:
innetgr ("foonet", NULL, "foo", "foodomain");
It does succeed with nscd disabled, but not with nscd enabled. This
fix adds this additional check for all three parts of the triplet so
that it gives the correct result.
[BZ #16758]
* nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
blank values.
(cherry picked from commit fbd6b5a4052316f7eb03c4617eebfaafc59dcc06)
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | NEWS | 6 | ||||
| -rw-r--r-- | nscd/netgroupcache.c | 10 |
3 files changed, 16 insertions, 6 deletions
@@ -1,3 +1,9 @@ +2015-12-20 Siddhesh Poyarekar <siddhesh@redhat.com> + + [BZ #16758] + * nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has + blank values. + 2015-11-24 Andreas Schwab <schwab@suse.de> [BZ #17062] @@ -9,9 +9,9 @@ Version 2.19.1 * The following bugs are resolved with this release: - 15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885, - 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137, 17153, - 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287. + 15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16878, 16882, + 16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137, + 17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287. * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c index 084f74d..8c619ea 100644 --- a/nscd/netgroupcache.c +++ b/nscd/netgroupcache.c @@ -562,15 +562,19 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, { bool success = true; - if (host != NULL) + /* For the host, user and domain in each triplet, we assume success + if the value is blank because that is how the wildcard entry to + match anything is stored in the netgroup cache. */ + if (host != NULL && *triplets != '\0') success = strcmp (host, triplets) == 0; triplets = (const char *) rawmemchr (triplets, '\0') + 1; - if (success && user != NULL) + if (success && user != NULL && *triplets != '\0') success = strcmp (user, triplets) == 0; triplets = (const char *) rawmemchr (triplets, '\0') + 1; - if (success && (domain == NULL || strcmp (domain, triplets) == 0)) + if (success && (domain == NULL || *triplets == '\0' + || strcmp (domain, triplets) == 0)) { dataset->resp.result = 1; break; |