From dc4bb1c2be1370fafd597602eb2b009cf10c025b Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Mon, 8 Aug 2005 19:04:11 +0000 Subject: * posix/bits/unistd.h (confstr, getgroups, ttyname_r, gethostname, getdomainname): Add __NTH. * stdlib/bits/stdlib.h (ptsname_r, wctomb, mbstowcs, wcstombs): Likewise. (realpath): Likewise. Use __const instead of const. Add __restrict keywords. * socket/bits/socket2.h (recvfrom): Add __restrict keyword to __buf. * wcsmbs/bits/wchar2.h (wmemcpy, wmemmove, wmempcpy, wmemset, wcscpy, wcpcpy, wcsncpy, wcpncpy, wcscat, wcsncat, vswprintf, wcrtomb, mbsrtowcs, wcsrtombs, mbsnrtowcs, wcsnrtombs): Add __NTH. * string/bits/string3.h (__memset_ichk): Likewise. (__memcpy_ichk, __memmove_ichk, __mempcpy_ichk, __strcpy_ichk, __stpcpy_ichk, __strncpy_ichk, stpncpy, __strcat_ichk, __strncat_ichk): Likewise. Use __const instead of const. (__stpncpy_chk): Use __const instead of const. (__stpncpy_alias): Use __REDIRECT_NTH instead of __REDIRECT. 2005-08-08 Ulrich Drepper Jakub Jelinek * nscd/mem.c (BLOCK_ALIGN_LOG, BLOCK_ALIGN, BLOCK_ALIGN_M1): Move definitions to... * nscd/nscd.h (BLOCK_ALIGN_LOG, BLOCK_ALIGN, BLOCK_ALIGN_M1): ...here. * nscd/connections.c (usekey): New enum. (check_use, verify_persistent_db): New functions. (nscd_init): If persistent database is corrupted, unlink it and recreate rather than falling back to non-persistent database. Call verify_persistent_db. Avoid overflows in total computation. 2005-08-08 Ulrich Drepper * iconvdata/utf-16.c (PREPARE_LOOP): Minor cleanups to make code better readable. Avoid passing var to loop function, it's not necessary at all. --- nscd/connections.c | 221 ++++++++++++++++++++++++++++++++++++++++++++++++++++- nscd/mem.c | 10 +-- nscd/nscd.h | 7 +- 3 files changed, 225 insertions(+), 13 deletions(-) (limited to 'nscd') diff --git a/nscd/connections.c b/nscd/connections.c index 347862e..808ea33 100644 --- a/nscd/connections.c +++ b/nscd/connections.c @@ -199,6 +199,210 @@ writeall (int fd, const void *buf, size_t len) } +enum usekey + { + use_not = 0, + /* The following three are not really used, they are symbolic constants. */ + use_first = 16, + use_begin = 32, + use_end = 64, + + use_he = 1, + use_he_begin = use_he | use_begin, + use_he_end = use_he | use_end, +#if SEPARATE_KEY + use_key = 2, + use_key_begin = use_key | use_begin, + use_key_end = use_key | use_end, + use_key_first = use_key_begin | use_first, +#endif + use_data = 3, + use_data_begin = use_data | use_begin, + use_data_end = use_data | use_end, + use_data_first = use_data_begin | use_first + }; + + +static int +check_use (const char *data, nscd_ssize_t first_free, uint8_t *usemap, + enum usekey use, ref_t start, size_t len) +{ + assert (len >= 2); + + if (start > first_free || start + len > first_free + || (start & BLOCK_ALIGN_M1)) + return 0; + + if (usemap[start] == use_not) + { + /* Add the start marker. */ + usemap[start] = use | use_begin; + use &= ~use_first; + + while (--len > 0) + if (usemap[++start] != use_not) + return 0; + else + usemap[start] = use; + + /* Add the end marker. */ + usemap[start] = use | use_end; + } + else if ((usemap[start] & ~use_first) == ((use | use_begin) & ~use_first)) + { + /* Hash entries can't be shared. */ + if (use == use_he) + return 0; + + usemap[start] |= (use & use_first); + use &= ~use_first; + + while (--len > 1) + if (usemap[++start] != use) + return 0; + + if (usemap[++start] != (use | use_end)) + return 0; + } + else + /* Points to a wrong object or somewhere in the middle. */ + return 0; + + return 1; +} + + +/* Verify data in persistent database. */ +static int +verify_persistent_db (void *mem, struct database_pers_head *readhead, int dbnr) +{ + assert (dbnr == pwddb || dbnr == grpdb || dbnr == hstdb); + + time_t now = time (NULL); + + struct database_pers_head *head = mem; + struct database_pers_head head_copy = *head; + + /* Check that the header that was read matches the head in the database. */ + if (readhead != NULL && memcmp (head, readhead, sizeof (*head)) != 0) + return 0; + + /* First some easy tests: make sure the database header is sane. */ + if (head->version != DB_VERSION + || head->header_size != sizeof (*head) + /* We allow a timestamp to be one hour ahead of the current time. + This should cover daylight saving time changes. */ + || head->timestamp > now + 60 * 60 + 60 + || (head->gc_cycle & 1) + || (size_t) head->module > INT32_MAX / sizeof (ref_t) + || (size_t) head->data_size > INT32_MAX - head->module * sizeof (ref_t) + || head->first_free < 0 + || head->first_free > head->data_size + || (head->first_free & BLOCK_ALIGN_M1) != 0 + || head->maxnentries < 0 + || head->maxnsearched < 0) + return 0; + + uint8_t *usemap = calloc (head->first_free, 1); + if (usemap == NULL) + return 0; + + const char *data = (char *) &head->array[roundup (head->module, + ALIGN / sizeof (ref_t))]; + + nscd_ssize_t he_cnt = 0; + for (nscd_ssize_t cnt = 0; cnt < head->module; ++cnt) + { + ref_t work = head->array[cnt]; + + while (work != ENDREF) + { + if (! check_use (data, head->first_free, usemap, use_he, work, + sizeof (struct hashentry))) + goto fail; + + /* Now we know we can dereference the record. */ + struct hashentry *here = (struct hashentry *) (data + work); + + ++he_cnt; + + /* Make sure the record is for this type of service. */ + if (here->type >= LASTREQ + || serv2db[here->type] != &dbs[dbnr]) + goto fail; + + /* Validate boolean field value. */ + if (here->first != false && here->first != true) + goto fail; + + if (here->len < 0) + goto fail; + + /* Now the data. */ + if (here->packet < 0 + || here->packet > head->first_free + || here->packet + sizeof (struct datahead) > head->first_free) + goto fail; + + struct datahead *dh = (struct datahead *) (data + here->packet); + + if (! check_use (data, head->first_free, usemap, + use_data | (here->first ? use_first : 0), + here->packet, dh->allocsize)) + goto fail; + + if (dh->allocsize < sizeof (struct datahead) + || dh->recsize > dh->allocsize + || (dh->notfound != false && dh->notfound != true) + || (dh->usable != false && dh->usable != true)) + goto fail; + + if (here->key < here->packet + sizeof (struct datahead) + || here->key > here->packet + dh->allocsize + || here->key + here->len > here->packet + dh->allocsize) + { +#if SEPARATE_KEY + /* If keys can appear outside of data, this should be done + instead. But gc doesn't mark the data in that case. */ + if (! check_use (data, head->first_free, usemap, + use_key | (here->first ? use_first : 0), + here->key, here->len)) +#endif + goto fail; + } + + work = here->next; + } + } + + if (he_cnt != head->nentries) + goto fail; + + /* See if all data and keys had at least one reference from + he->first == true hashentry. */ + for (ref_t idx = 0; idx < head->first_free; ++idx) + { +#if SEPARATE_KEY + if (usemap[idx] == use_key_begin) + goto fail; +#endif + if (usemap[idx] == use_data_begin) + goto fail; + } + + /* Finally, make sure the database hasn't changed since the first test. */ + if (memcmp (mem, &head_copy, sizeof (*head)) != 0) + goto fail; + + free (usemap); + return 1; + +fail: + free (usemap); + return 0; +} + + /* Initialize database information structures. */ void nscd_init (void) @@ -242,7 +446,7 @@ nscd_init (void) fail_db: dbg_log (_("invalid persistent database file \"%s\": %s"), dbs[cnt].db_filename, strerror (errno)); - dbs[cnt].persistent = 0; + unlink (dbs[cnt].db_filename); } else if (head.module == 0 && head.data_size == 0) { @@ -255,22 +459,31 @@ nscd_init (void) dbg_log (_("invalid persistent database file \"%s\": %s"), dbs[cnt].db_filename, _("header size does not match")); - dbs[cnt].persistent = 0; + unlink (dbs[cnt].db_filename); } else if ((total = (sizeof (head) + roundup (head.module * sizeof (ref_t), ALIGN) + head.data_size)) - > st.st_size) + > st.st_size + || total < sizeof (head)) { dbg_log (_("invalid persistent database file \"%s\": %s"), dbs[cnt].db_filename, _("file size does not match")); - dbs[cnt].persistent = 0; + unlink (dbs[cnt].db_filename); } else if ((mem = mmap (NULL, total, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0)) == MAP_FAILED) goto fail_db; + else if (!verify_persistent_db (mem, &head, cnt)) + { + munmap (mem, total); + dbg_log (_("invalid persistent database file \"%s\": %s"), + dbs[cnt].db_filename, + _("verification failed")); + unlink (dbs[cnt].db_filename); + } else { /* Success. We have the database. */ diff --git a/nscd/mem.c b/nscd/mem.c index c3a0f96..a1108f3 100644 --- a/nscd/mem.c +++ b/nscd/mem.c @@ -1,5 +1,5 @@ /* Cache memory handling. - Copyright (C) 2004 Free Software Foundation, Inc. + Copyright (C) 2004, 2005 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper , 2004. @@ -34,12 +34,6 @@ #include "nscd.h" -/* Maximum alignment requirement we will encounter. */ -#define BLOCK_ALIGN_LOG 3 -#define BLOCK_ALIGN (1 << BLOCK_ALIGN_LOG) -#define BLOCK_ALIGN_M1 (BLOCK_ALIGN - 1) - - static int sort_he (const void *p1, const void *p2) { @@ -194,7 +188,7 @@ gc (struct database_dyn *db) highref -= BLOCK_ALIGN; } - /* No we can iterate over the MARK array and find bits which are not + /* Now we can iterate over the MARK array and find bits which are not set. These represent memory which can be recovered. */ size_t byte = 0; /* Find the first gap. */ diff --git a/nscd/nscd.h b/nscd/nscd.h index d5dc613..25a4b38 100644 --- a/nscd/nscd.h +++ b/nscd/nscd.h @@ -1,4 +1,4 @@ -/* Copyright (c) 1998, 1999, 2000, 2001, 2003, 2004 +/* Copyright (c) 1998, 1999, 2000, 2001, 2003, 2004, 2005 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk , 1998. @@ -94,6 +94,11 @@ struct database_dyn /* Path used when not using persistent storage. */ #define _PATH_NSCD_XYZ_DB_TMP "/var/run/nscd/dbXXXXXX" +/* Maximum alignment requirement we will encounter. */ +#define BLOCK_ALIGN_LOG 3 +#define BLOCK_ALIGN (1 << BLOCK_ALIGN_LOG) +#define BLOCK_ALIGN_M1 (BLOCK_ALIGN - 1) + /* Global variables. */ extern struct database_dyn dbs[lastdb]; -- cgit v1.1