aboutsummaryrefslogtreecommitdiff
path: root/nscd
AgeCommit message (Collapse)AuthorFilesLines
2024-05-02nscd: Use time_t for return type of addgetnetgrentXFlorian Weimer1-2/+2
Using int may give false results for future dates (timeouts after the year 2028). Fixes commit 04a21e050d64a1193a6daab872bca2528bda44b ("CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)"). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-05-02nscd: Typo inside comment in netgroup cacheFlorian Weimer1-1/+1
Reported-by: Jonathan Wakely <jwakely@redhat.com>
2024-04-25CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in ↵Florian Weimer1-98/+121
addgetnetgrentX (bug 31680) This avoids potential memory corruption when the underlying NSS callback function does not use the buffer space to store all strings (e.g., for constant strings). Instead of custom buffer management, two scratch buffers are used. This increases stack usage somewhat. Scratch buffer allocation failure is handled by return -1 (an invalid timeout value) instead of terminating the process. This fixes bug 31679. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2024-04-25CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response ↵Florian Weimer1-4/+7
(bug 31678) The addgetnetgrentX call in addinnetgrX may have failed to produce a result, so the result variable in addinnetgrX can be NULL. Use db->negtimeout as the fallback value if there is no result data; the timeout is also overwritten below. Also avoid sending a second not-found response. (The client disconnects after receiving the first response, so the data stream did not go out of sync even without this fix.) It is still beneficial to add the negative response to the mapping, so that the client can get it from there in the future, instead of going through the socket. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2024-04-25CVE-2024-33600: nscd: Do not send missing not-found response in ↵Florian Weimer1-8/+6
addgetnetgrentX (bug 31678) If we failed to add a not-found response to the cache, the dataset point can be null, resulting in a null pointer dereference. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2024-04-25CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)Florian Weimer1-2/+3
Using alloca matches what other caches do. The request length is bounded by MAXKEYLEN. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-01-01Update copyright dates not handled by scripts/update-copyrightsPaul Eggert1-1/+1
I've updated copyright dates in glibc for 2024. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files.
2024-01-01Update copyright dates with scripts/update-copyrightsPaul Eggert39-39/+39
2023-10-24Move 'netgroup' routines from 'inet' into 'nss'Arjun Shankar1-1/+1
These netgroup routines are entry points for nss functionality. This commit moves them along with netgroup.h from the 'inet' subdirectory to 'nss', and adjusts any references accordingly. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-10-24Remove 'grp' and merge into 'nss' and 'posix'Arjun Shankar1-1/+1
The majority of grp routines are entry points for nss functionality. This commit removes the 'grp' subdirectory and moves all nss-relevant functionality and all tests to 'nss', and the 'setgroups' stub into 'posix' (alongside the 'getgroups' stub). References to grp/ are accordingly changed. In addition, compat-initgroups.c, a fallback implementation of initgroups is renamed to initgroups-fallback.c so that the build system does not confuse it for nss_compat/compat-initgroups.c. Build time improves very slightly; e.g. down from an average of 45.5s to 44.5s on an 8-thread mobile x86_64 CPU. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-08-29nscd: Skip unusable entries in first pass in prune_cache (bug 30800)Florian Weimer1-14/+11
Previously, if an entry was marked unusable for any reason, but had not timed out yet, the assert would trigger. One way to get into such state is if a data change is detected during re-validation of an entry. This causes the entry to be marked as not usable. If exits nscd soon after that, then the clock jumps backwards, and nscd restarted, the cache re-validation run after startup triggers the removed assert. The change is more complicated than just the removal of the assert because entries marked as not usable should be garbage-collected in the second pass. To make this happen, it is necessary to update some book-keeping data. Reviewed-by: DJ Delorie <dj@redhat.com>
2023-08-11nscd: Do not rebuild getaddrinfo (bug 30709)Florian Weimer3-51/+12
The nscd daemon caches hosts data from NSS modules verbatim, without filtering protocol families or sorting them (otherwise separate caches would be needed for certain ai_flags combinations). The cache implementation is complete separate from the getaddrinfo code. This means that rebuilding getaddrinfo is not needed. The only function actually used is __bump_nl_timestamp from check_pf.c, and this change moves it into nscd/connections.c. Tested on x86_64-linux-gnu with -fexceptions, built with build-many-glibcs.py. I also backported this patch into a distribution that still supports nscd and verified manually that caching still works. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-07-25nscd: cleanup obsolete _FORTIFY_SOURCE settingSam James1-2/+0
This was added in 233399bce2e79e5af3b344782e9943d5f1a9cdcb just for warn_if_unused warnings rather than anything substantial. Now that we have a proper configure argument for F_S (--enable-fortify-source), just drop this entirely, to avoid conflicting with e.g. detected --enable-fortify-source finding F_S=3, then nscd's Makefile setting F_S=2, resulting in a build-failure because of the redefinition. Signed-off-by: Sam James <sam@gentoo.org> Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> Reviewed-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2023-07-24nscd: Use errval, not errno to guide cache update (bug 30662)Florian Weimer2-2/+2
The errno variable is potentially clobbered by the preceding send call. It is not related to the to-be-cached information. The parallel code in hstcache.c and servicescache.c already uses errval. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-02Fix all the remaining misspellings -- BZ 25337Paul Pluzhnikov7-10/+10
2023-03-27Move libc_freeres_ptrs and libc_subfreeres to hidden/weak functionsAdhemerval Zanella Netto5-5/+10
They are both used by __libc_freeres to free all library malloc allocated resources to help tooling like mtrace or valgrind with memory leak tracking. The current scheme uses assembly markers and linker script entries to consolidate the free routine function pointers in the RELRO segment and to be freed buffers in BSS. This patch changes it to use specific free functions for libc_freeres_ptrs buffers and call the function pointer array directly with call_function_static_weak. It allows the removal of both the internal macros and the linker script sections. Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-02-17Use uintptr_t instead of performing pointer subtraction with a null pointerQihao Chencao3-8/+6
Signed-off-by: Qihao Chencao <twose@qq.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-02-17nscd: Remove _STRING_ARCH_unaligned usageAdhemerval Zanella3-10/+0
It only adds a small overhead for unaligned inputs (which should not be common) and unify the code. Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Wilco Dijkstra <Wilco.Dijkstra@arm.com>
2023-02-06Replace rawmemchr (s, '\0') with strchrWilco Dijkstra4-9/+9
Almost all uses of rawmemchr find the end of a string. Since most targets use a generic implementation, replacing it with strchr is better since that is optimized by compilers into strlen (s) + s. Also fix the generic rawmemchr implementation to use a cast to unsigned char in the if statement. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-01-06Update copyright dates not handled by scripts/update-copyrightsJoseph Myers1-1/+1
I've updated copyright dates in glibc for 2023. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files.
2023-01-06Update copyright dates with scripts/update-copyrightsJoseph Myers40-40/+40
2022-12-09nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402)Adhemerval Zanella Netto2-2/+2
Although the nscd module is built with 64 bit time_t, the routines linked direct to libc.so need to use the internal symbols. Reviewed-by: DJ Delorie <dj@redhat.com>
2022-10-04nscd: Drop local address tuple variable [BZ #29607]Siddhesh Poyarekar1-3/+2
When a request needs to be resent (e.g. due to insufficient buffer space), the references to subsequent tuples in the local variable are stale and should not be used. This used to work by accident before, but since 1d495912a it no longer does. Instead of trying to reset it, just let gethostbyname4_r write into TUMPBUF6 for us, thus maintaining a consistent state at all times. This is now consistent with what is done in gaih_inet for getaddrinfo. Resolves: BZ #29607 Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com> Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-09-23Use C11 atomics instead of atomic_increment(_val)Wilco Dijkstra2-2/+2
Replace atomic_increment and atomic_increment_val with atomic_fetch_add_relaxed. One case in sem_post.c uses release semantics (see comment above it). The others are simple counters and do not protect any shared data from concurrent accesses. Passes regress on AArch64. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-09-09Use C11 atomics instead of atomic_decrement(_val)Wilco Dijkstra9-10/+10
Replace atomic_decrement and atomic_decrement_val with atomic_fetch_add_relaxed. Reviewed-by: DJ Delorie <dj@redhat.com>
2022-08-29nscd: Fix netlink cache invalidation if epoll is used [BZ #29415]Fabian Vogt1-1/+2
Processes cache network interface information such as whether IPv4 or IPv6 are enabled. This is only checked again if the "netlink timestamp" provided by nscd changed, which is triggered by netlink socket activity. However, in the epoll handler for the netlink socket, it was missed to assign the new timestamp to the nscd database. The handler for plain poll did that properly, copy that over. This bug caused that e.g. processes which started before network configuration got unusuable addresses from getaddrinfo, like IPv6 only even though only IPv4 is available: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1041 It's a bit hard to reproduce, so I verified this by checking the timestamp on calls to __check_pf manually. Without this patch it's stuck at 1, now it's increasing on network changes as expected. Signed-off-by: Fabian Vogt <fvogt@suse.de>
2022-03-23nscd: Remove unused variableAdhemerval Zanella1-5/+1
2022-01-01Update copyright dates not handled by scripts/update-copyrights.Paul Eggert1-1/+1
I've updated copyright dates in glibc for 2022. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. As well as the usual annual updates, mainly dates in --version output (minus csu/version.c which previously had to be handled manually but is now successfully updated by update-copyrights), there is a small change to the copyright notice in NEWS which should let NEWS get updated automatically next year. Please remember to include 2022 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them).
2022-01-01Update copyright dates with scripts/update-copyrightsPaul Eggert40-40/+40
I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2021-09-03Remove "Contributed by" linesSiddhesh Poyarekar38-38/+0
We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases. Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers. The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task: https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-06-22Use 64 bit time_t stat internallyAdhemerval Zanella1-2/+2
For the legacy ABI with supports 32-bit time_t it calls the 64-bit time directly, since the LFS symbols calls the 64-bit time_t ones internally. Checked on i686-linux-gnu and x86_64-linux-gnu. Reviewed-by: Lukasz Majewski <lukma@denx.de>
2021-03-09nss: fix nss_database_lookup2's alternate handling [BZ #27416]DJ Delorie3-6/+3
__nss_database_lookup2's extra arguments were left unused in the nsswitch reloading patch set; this broke compat (default config ignored) and shadow files (secondary name ignored) which relies on these fallbacks. This patch adds in the previous behavior by correcting the initialization of the database list to reflect the fallbacks. This means that the nss_database_lookup2 interface no longer needs to be passed the fallback info, so API and callers were adjusted. Since all callers needed to be edited anyway, the calls were changed from __nss_database_lookup2 to the faster __nss_database_get. This was an intended optimization which was deferred during the initial lookup changes to avoid touching so many files. The test case verifies that compat targets work (passwd) and that the default configuration works (group). Tested on x86-64.
2021-03-02nscd: Fix double free in netgroupcache [BZ #27462]DJ Delorie1-2/+2
In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free was fixed, but this led to an occasional double-free. This patch tracks the "live" allocation better. Tested manually by a third party. Related: RHBZ 1927877 Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-01-02Update copyright dates not handled by scripts/update-copyrights.Paul Eggert1-1/+1
I've updated copyright dates in glibc for 2021. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. As well as the usual annual updates, mainly dates in --version output (minus csu/version.c which previously had to be handled manually but is now successfully updated by update-copyrights), there is a small change to the copyright notice in NEWS which should let NEWS get updated automatically next year. Please remember to include 2021 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them).
2021-01-02Update copyright dates with scripts/update-copyrightsPaul Eggert40-40/+40
I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
2020-12-04nsswitch: use new internal API (callers)DJ Delorie5-19/+14
Stitch new ABI and types throughout all NSS callers. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-10-09Remove stat wrapper functions, move them to exported symbolsAdhemerval Zanella1-0/+5
This patch removes the stat, stat64, lstat, lstat64, fstat, fstat64, fstatat, and fstatat64 static wrapper and add the symbol on the libc with the expected names. Both the prototypes of the internal symbol linked by the static wrappers and the inline redirectors are also removed from the installed sys/stat.h header file. The wrapper implementation license LGPL exception is also removed since it is no longer statically linked to binaries. Internally the _STAT_VER* definitions are moved to a arch-specific xstatver.h file. The internal defines that redirects internals {f}stat{at} to their {f}xstat{at} counterparts are removed for Linux (!NO_RTLD_HIDDEN). Hurd still requires them since {f}stat{at} pulls extra objects that makes the loader build fail otherwise (I haven't dig into why exactly). Checked with a build for all affected ABIs. I also checked on x86_64, i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x. Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-09-17nscd: bump GC cycle during cache pruning (bug 26130)Andreas Schwab2-2/+11
While nscd prunes a cache it becomes inconsistent temporarily, which is visible to clients if that cache is shared. Bump the GC cycle counter so that the clients notice the modification window. Uniformly use atomic_fetch_add to modify the GC cycle counter.
2020-09-11Remove internal usage of extensible stat functionsAdhemerval Zanella1-1/+1
It replaces the internal usage of __{f,l}xstat{at}{64} with the __{f,l}stat{at}{64}. It should not change the generate code since sys/stat.h explicit defines redirections to internal calls back to xstat* symbols. Checked with a build for all affected ABIs. I also check on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-07-23Disable warnings due to deprecated libselinux symbols used by nss and nscdArjun Shankar1-0/+15
The SELinux API deprecated several symbols in its 3.1 release, including security_context_t, matchpathcon, avc_init, and sidput, which are used in makedb and nscd. While the usage of these should eventually be replaced by newer interfaces, this commit disables GCC warnings due to the use of the above symbols. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
2020-07-08Remove --enable-obsolete-nsl configure flagPetr Vorel1-7/+1
this means that *always* libnsl is only built as shared library for backward compatibility and the NSS modules libnss_nis and libnss_nisplus are not built at all, libnsl's headers aren't installed. This compatibility is kept only for architectures and ABIs that have been added in or before version 2.28. Replacement implementations based on TIRPC, which additionally support IPv6, are available from <https://github.com/thkukuk/>. This change does not affect libnss_compat which does not depended on libnsl since 2.27 and thus can be used without NIS. libnsl code depends on Sun RPC, e.g. on --enable-obsolete-rpc (installed libnsl headers use installed Sun RPC headers), which will be removed in the following commit.
2020-05-05y2038: nscd: Modify nscd_helper to use __clock_gettime64Lukasz Majewski1-8/+9
The nscd/nscd_helper.c uses __clock_gettime to get current time and on this basis calculate the relative timeout for poll. By using __clock_gettime64 on systems with __WORDSIZE == 32 && __TIMESIZE != 64 the timeout is correctly calculated after time_t overflow.
2020-03-17nscd/cachedumper.c : fix whitespaceDJ Delorie1-4/+4
2020-03-16Fix nscd/cachedumper.c compile errorsDJ Delorie1-6/+8
2020-03-13nscd: add cache dumperDJ Delorie4-1/+389
2020-02-13nss: Add function types and NSS_DECLARE_MODULE_FUNCTIONS macro to <nss.h>Florian Weimer1-18/+5
This macro allows to add type safety to the implementation of NSS service modules. Reviewed-by: DJ Delorie <dj@redhat.com>
2020-01-01Update copyright dates not handled by scripts/update-copyrights.Joseph Myers1-1/+1
I've updated copyright dates in glibc for 2020. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. As well as the usual annual updates, mainly dates in --version output (minus libc.texinfo which previously had to be handled manually but is now successfully updated by update-copyrights), there is a fix to sysdeps/unix/sysv/linux/powerpc/bits/termios-c_lflag.h where a typo in the copyright notice meant it failed to be updated automatically. Please remember to include 2020 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them).
2020-01-01Update copyright dates with scripts/update-copyrights.Joseph Myers39-39/+39
2019-10-30Change most internal uses of time to __clock_gettime.Adhemerval Zanella2-3/+3
As for gettimeofday, time will be implemented based on clock_gettime on all platforms and internal code should use clock_gettime directly. In addition to removing a layer of indirection, this will allow us to remove the PLT-bypass gunk for gettimeofday. The changed code always assumes __clock_gettime (CLOCK_REALTIME) or __clock_gettime (CLOCK_REALTIME_COARSE) (for Linux case) cannot fail, using the same rationale for gettimeofday change. And internal helper was added (time_now). Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu, powerpc64-linux-gnu, and powerpc-linux-gnu. Reviewed-by: Lukasz Majewski <lukma@denx.de>
2019-10-30Change most internal uses of __gettimeofday to __clock_gettime.Zack Weinberg1-12/+12
Since gettimeofday will shortly be implemented in terms of clock_gettime on all platforms, internal code should use clock_gettime directly; in addition to removing a layer of indirection, this will allow us to remove the PLT-bypass gunk for gettimeofday. (We can't quite do that yet, but it'll be coming later in this patch series.) In many cases, the changed code does fewer conversions. The changed code always assumes __clock_gettime (CLOCK_REALTIME) cannot fail. Most of the call sites were assuming gettimeofday could not fail, but a few places were checking for errors. POSIX says clock_gettime can only fail if the clock constant is invalid or unsupported, and CLOCK_REALTIME is the one and only clock constant that's required to be supported. For consistency I grepped the entire source tree for any other places that checked for errors from __clock_gettime (CLOCK_REALTIME), found one, and changed it too. (For the record, POSIX also says gettimeofday can never fail.) (It would be nice if we could declare that GNU systems will always support CLOCK_MONOTONIC as well as CLOCK_REALTIME; there are several places where we are using CLOCK_REALTIME where _MONOTONIC would be more appropriate, and/or trying to use _MONOTONIC and then falling back to _REALTIME. But the Hurd doesn't support CLOCK_MONOTONIC yet, and it looks like adding it would involve substantial changes to gnumach's internals and API. Oh well.) A few Hurd-specific files were changed to use __host_get_time instead of __clock_gettime, as this seemed tidier. We also assume this cannot fail. Skimming the code in gnumach leads me to believe the only way it could fail is if __mach_host_self also failed, and our Hurd-specific code consistently assumes that can't happen, so I'm going with that. With the exception of support/support_test_main.c, test cases are not modified, mainly because I didn't want to have to figure out which test cases were testing gettimeofday specifically. The definition of GETTIME in sysdeps/generic/memusage.h had a typo and was not reading tv_sec at all. I fixed this. It appears nobody has been generating malloc traces on a machine that doesn't have a superseding definition. There are a whole bunch of places where the code could be simplified by factoring out timespec subtraction and/or comparison logic, but I want to keep this patch as mechanical as possible. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu, powerpc64-linux-gnu, powerpc-linux-gnu, and aarch64-linux-gnu. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Lukasz Majewski <lukma@denx.de>