aboutsummaryrefslogtreecommitdiff
path: root/nss/nss_compat
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2020-05-19 14:09:38 +0200
committerFlorian Weimer <fweimer@redhat.com>2020-05-19 14:09:57 +0200
commit790b8dda4455865cb8c3a47801f4304c1a43baf6 (patch)
treef410f4425e93ec71223199ef2075574758bb1541 /nss/nss_compat
parent765de945efc5d5602999b2999fe8abdf04881370 (diff)
downloadglibc-790b8dda4455865cb8c3a47801f4304c1a43baf6.zip
glibc-790b8dda4455865cb8c3a47801f4304c1a43baf6.tar.gz
glibc-790b8dda4455865cb8c3a47801f4304c1a43baf6.tar.bz2
nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]
During cleanup, before returning from get*_r functions, the end*ent calls must not change errno. Otherwise, an ERANGE error from the underlying implementation can be hidden, causing unexpected lookup failures. This commit introduces an internal_end*ent_noerror function which saves and restore errno, and marks the original internal_end*ent function as warn_unused_result, so that it is used only in contexts were errors from it can be handled explicitly. Reviewed-by: DJ Delorie <dj@redhat.com>
Diffstat (limited to 'nss/nss_compat')
-rw-r--r--nss/nss_compat/compat-grp.c15
-rw-r--r--nss/nss_compat/compat-initgroups.c13
-rw-r--r--nss/nss_compat/compat-pwd.c15
-rw-r--r--nss/nss_compat/compat-spwd.c14
4 files changed, 46 insertions, 11 deletions
diff --git a/nss/nss_compat/compat-grp.c b/nss/nss_compat/compat-grp.c
index 14aadc6..d4f750b 100644
--- a/nss/nss_compat/compat-grp.c
+++ b/nss/nss_compat/compat-grp.c
@@ -144,7 +144,7 @@ _nss_compat_setgrent (int stayopen)
}
-static enum nss_status
+static enum nss_status __attribute_warn_unused_result__
internal_endgrent (ent_t *ent)
{
if (ent->stream != NULL)
@@ -165,6 +165,15 @@ internal_endgrent (ent_t *ent)
return NSS_STATUS_SUCCESS;
}
+/* Like internal_endgrent, but preserve errno in all cases. */
+static void
+internal_endgrent_noerror (ent_t *ent)
+{
+ int saved_errno = errno;
+ enum nss_status unused __attribute__ ((unused)) = internal_endgrent (ent);
+ __set_errno (saved_errno);
+}
+
enum nss_status
_nss_compat_endgrent (void)
{
@@ -485,7 +494,7 @@ _nss_compat_getgrnam_r (const char *name, struct group *grp,
if (result == NSS_STATUS_SUCCESS)
result = internal_getgrnam_r (name, grp, &ent, buffer, buflen, errnop);
- internal_endgrent (&ent);
+ internal_endgrent_noerror (&ent);
return result;
}
@@ -614,7 +623,7 @@ _nss_compat_getgrgid_r (gid_t gid, struct group *grp,
if (result == NSS_STATUS_SUCCESS)
result = internal_getgrgid_r (gid, grp, &ent, buffer, buflen, errnop);
- internal_endgrent (&ent);
+ internal_endgrent_noerror (&ent);
return result;
}
diff --git a/nss/nss_compat/compat-initgroups.c b/nss/nss_compat/compat-initgroups.c
index 67a4c10..3671bef 100644
--- a/nss/nss_compat/compat-initgroups.c
+++ b/nss/nss_compat/compat-initgroups.c
@@ -134,7 +134,7 @@ internal_setgrent (ent_t *ent)
}
-static enum nss_status
+static enum nss_status __attribute_warn_unused_result__
internal_endgrent (ent_t *ent)
{
if (ent->stream != NULL)
@@ -158,6 +158,15 @@ internal_endgrent (ent_t *ent)
return NSS_STATUS_SUCCESS;
}
+/* Like internal_endgrent, but preserve errno in all cases. */
+static void
+internal_endgrent_noerror (ent_t *ent)
+{
+ int saved_errno = errno;
+ enum nss_status unused __attribute__ ((unused)) = internal_endgrent (ent);
+ __set_errno (saved_errno);
+}
+
/* Add new group record. */
static void
add_group (long int *start, long int *size, gid_t **groupsp, long int limit,
@@ -502,7 +511,7 @@ _nss_compat_initgroups_dyn (const char *user, gid_t group, long int *start,
done:
scratch_buffer_free (&tmpbuf);
- internal_endgrent (&intern);
+ internal_endgrent_noerror (&intern);
return status;
}
diff --git a/nss/nss_compat/compat-pwd.c b/nss/nss_compat/compat-pwd.c
index dfb454f..394e39b 100644
--- a/nss/nss_compat/compat-pwd.c
+++ b/nss/nss_compat/compat-pwd.c
@@ -261,7 +261,7 @@ _nss_compat_setpwent (int stayopen)
}
-static enum nss_status
+static enum nss_status __attribute_warn_unused_result__
internal_endpwent (ent_t *ent)
{
if (ent->stream != NULL)
@@ -289,6 +289,15 @@ internal_endpwent (ent_t *ent)
return NSS_STATUS_SUCCESS;
}
+/* Like internal_endpwent, but preserve errno in all cases. */
+static void
+internal_endpwent_noerror (ent_t *ent)
+{
+ int saved_errno = errno;
+ enum nss_status unused __attribute__ ((unused)) = internal_endpwent (ent);
+ __set_errno (saved_errno);
+}
+
enum nss_status
_nss_compat_endpwent (void)
{
@@ -824,7 +833,7 @@ _nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
if (result == NSS_STATUS_SUCCESS)
result = internal_getpwnam_r (name, pwd, &ent, buffer, buflen, errnop);
- internal_endpwent (&ent);
+ internal_endpwent_noerror (&ent);
return result;
}
@@ -1063,7 +1072,7 @@ _nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
if (result == NSS_STATUS_SUCCESS)
result = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen, errnop);
- internal_endpwent (&ent);
+ internal_endpwent_noerror (&ent);
return result;
}
diff --git a/nss/nss_compat/compat-spwd.c b/nss/nss_compat/compat-spwd.c
index 0a1fde1..ec5bf28 100644
--- a/nss/nss_compat/compat-spwd.c
+++ b/nss/nss_compat/compat-spwd.c
@@ -217,7 +217,7 @@ _nss_compat_setspent (int stayopen)
}
-static enum nss_status
+static enum nss_status __attribute_warn_unused_result__
internal_endspent (ent_t *ent)
{
if (ent->stream != NULL)
@@ -246,6 +246,15 @@ internal_endspent (ent_t *ent)
return NSS_STATUS_SUCCESS;
}
+/* Like internal_endspent, but preserve errno in all cases. */
+static void
+internal_endspent_noerror (ent_t *ent)
+{
+ int saved_errno = errno;
+ enum nss_status unused __attribute__ ((unused)) = internal_endspent (ent);
+ __set_errno (saved_errno);
+}
+
enum nss_status
_nss_compat_endspent (void)
{
@@ -263,7 +272,6 @@ _nss_compat_endspent (void)
return result;
}
-
static enum nss_status
getspent_next_nss_netgr (const char *name, struct spwd *result, ent_t *ent,
char *group, char *buffer, size_t buflen,
@@ -788,7 +796,7 @@ _nss_compat_getspnam_r (const char *name, struct spwd *pwd,
if (result == NSS_STATUS_SUCCESS)
result = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop);
- internal_endspent (&ent);
+ internal_endspent_noerror (&ent);
return result;
}