+2015-05-11 Andreas Schwab <schwab@suse.de>
+
+ [BZ #18007]
+ * nis/nss_compat/compat-grp.c (internal_endgrent): Don't call
+ nss_endgrent.
+ (_nss_compat_endgrent): Call nss_endgrent.
+ * nis/nss_compat/compat-pwd.c (internal_endpwent): Don't call
+ nss_endpwent.
+ (_nss_compat_endpwent): Call nss_endpwent.
+ * nis/nss_compat/compat-spwd.c (internal_setspent): Add parameter
+ needent, call nss_setspent only if non-zero.
+ (_nss_compat_setspent, _nss_compat_getspent_r): Pass non-zero.
+ (internal_endspent): Don't call nss_endspent.
+ (_nss_compat_endspent): Call nss_endspent.
+ * nss/nss_files/files-XXX.c (position, last_use, keep_stream):
+ Remove. All uses removed.
+ (internal_setent): Remove parameter stayopen, add parameter
+ stream. Use it instead of global variable.
+ (CONCAT(_nss_files_set,ENTNAME)): Pass global stream.
+ (internal_endent, internal_getent): Add parameter stream. Use it
+ instead of global variable.
+ (CONCAT(_nss_files_end,ENTNAME))
+ (CONCAT(_nss_files_get,ENTNAME_r)): Pass global stream.
+ (_nss_files_get##name##_r): Pass local stream. Remove locking.
+ * nss/nss_files/files-alias.c (position, last_use): Remove. All
+ uses removed.
+ (internal_setent, internal_endent): Add parameter stream. Use it
+ instead of global variable.
+ (_nss_files_setaliasent, _nss_files_endaliasent): Pass global
+ stream.
+ (get_next_alias): Add parameter stream.
+ (_nss_files_getaliasent_r): Pass global stream.
+ (_nss_files_getaliasbyname_r): Pass local stream. Remove locking.
+ * nss/nss_files/files-hosts.c (_nss_files_gethostbyname3_r)
+ (_nss_files_gethostbyname4_r): Pass local stream to
+ internal_setent, internal_getent and internal_endent. Remove
+ locking.
+
2015-04-29 Florian Weimer <fweimer@redhat.com>
[BZ #18007]
16618, 16885, 16916, 16943, 16958, 17048, 17137, 17187, 17325, 17625,
17630, 18007, 18104, 18287.
-* CVE-2014-8121 The NSS files backend would reset the file pointer used by
- the get*ent functions if any of the query functions for the same database
- are used during the iteration, causing a denial-of-service condition in
- some applications.
+* CVE-2014-8121 The NSS backends shared internal state between the getXXent
+ and getXXbyYY NSS calls for the same database, causing a denial-of-service
+ condition in some applications.
* A buffer overflow in gethostbyname_r and related functions performing DNS
requests has been fixed. If the NSS functions were called with a
static enum nss_status
internal_endgrent (ent_t *ent)
{
- if (nss_endgrent)
- nss_endgrent ();
-
if (ent->stream != NULL)
{
fclose (ent->stream);
__libc_lock_lock (lock);
+ if (nss_endgrent)
+ nss_endgrent ();
+
result = internal_endgrent (&ext_ent);
__libc_lock_unlock (lock);
static enum nss_status
internal_endpwent (ent_t *ent)
{
- if (nss_endpwent)
- nss_endpwent ();
-
if (ent->stream != NULL)
{
fclose (ent->stream);
__libc_lock_lock (lock);
+ if (nss_endpwent)
+ nss_endpwent ();
+
result = internal_endpwent (&ext_ent);
__libc_lock_unlock (lock);
}
static enum nss_status
-internal_setspent (ent_t *ent, int stayopen)
+internal_setspent (ent_t *ent, int stayopen, int needent)
{
enum nss_status status = NSS_STATUS_SUCCESS;
give_spwd_free (&ent->pwd);
- if (status == NSS_STATUS_SUCCESS && nss_setspent)
+ if (needent && status == NSS_STATUS_SUCCESS && nss_setspent)
ent->setent_status = nss_setspent (stayopen);
return status;
if (ni == NULL)
init_nss_interface ();
- result = internal_setspent (&ext_ent, stayopen);
+ result = internal_setspent (&ext_ent, stayopen, 1);
__libc_lock_unlock (lock);
static enum nss_status
internal_endspent (ent_t *ent)
{
- if (nss_endspent)
- nss_endspent ();
-
if (ent->stream != NULL)
{
fclose (ent->stream);
__libc_lock_lock (lock);
+ if (nss_endspent)
+ nss_endspent ();
+
result = internal_endspent (&ext_ent);
__libc_lock_unlock (lock);
init_nss_interface ();
if (ext_ent.stream == NULL)
- result = internal_setspent (&ext_ent, 1);
+ result = internal_setspent (&ext_ent, 1, 1);
if (result == NSS_STATUS_SUCCESS)
result = internal_getspent_r (pwd, &ext_ent, buffer, buflen, errnop);
__libc_lock_unlock (lock);
- result = internal_setspent (&ent, 0);
+ result = internal_setspent (&ent, 0, 0);
if (result == NSS_STATUS_SUCCESS)
result = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop);
/* Locks the static variables in this file. */
__libc_lock_define_initialized (static, lock)
\f
-/* Maintenance of the shared stream open on the database file. */
+/* Maintenance of the stream open on the database file. For getXXent
+ operations the stream needs to be held open across calls, the other
+ getXXbyYY operations all use their own stream. */
static FILE *stream;
-static fpos_t position;
-static enum { nouse, getent, getby } last_use;
-static int keep_stream;
/* Open database file if not already opened. */
static enum nss_status
-internal_setent (int stayopen)
+internal_setent (FILE **stream)
{
enum nss_status status = NSS_STATUS_SUCCESS;
- if (stream == NULL)
+ if (*stream == NULL)
{
- stream = fopen (DATAFILE, "rce");
+ *stream = fopen (DATAFILE, "rce");
- if (stream == NULL)
+ if (*stream == NULL)
status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
else
{
int result;
int flags;
- result = flags = fcntl (fileno (stream), F_GETFD, 0);
+ result = flags = fcntl (fileno (*stream), F_GETFD, 0);
if (result >= 0)
{
# ifdef O_CLOEXEC
# endif
{
flags |= FD_CLOEXEC;
- result = fcntl (fileno (stream), F_SETFD, flags);
+ result = fcntl (fileno (*stream), F_SETFD, flags);
}
}
if (result < 0)
{
/* Something went wrong. Close the stream and return a
failure. */
- fclose (stream);
- stream = NULL;
+ fclose (*stream);
+ *stream = NULL;
status = NSS_STATUS_UNAVAIL;
}
}
}
}
else
- rewind (stream);
-
- /* Remember STAYOPEN flag. */
- if (stream != NULL)
- keep_stream |= stayopen;
+ rewind (*stream);
return status;
}
__libc_lock_lock (lock);
- status = internal_setent (1);
-
- if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0)
- {
- fclose (stream);
- stream = NULL;
- status = NSS_STATUS_UNAVAIL;
- }
-
- last_use = getent;
+ status = internal_setent (&stream);
__libc_lock_unlock (lock);
/* Close the database file. */
static void
-internal_endent (void)
+internal_endent (FILE **stream)
{
- if (stream != NULL)
+ if (*stream != NULL)
{
- fclose (stream);
- stream = NULL;
+ fclose (*stream);
+ *stream = NULL;
}
}
{
__libc_lock_lock (lock);
- internal_endent ();
-
- /* Reset STAYOPEN flag. */
- keep_stream = 0;
+ internal_endent (&stream);
__libc_lock_unlock (lock);
/* Parsing the database file into `struct STRUCTURE' data structures. */
static enum nss_status
-internal_getent (struct STRUCTURE *result,
+internal_getent (FILE *stream, struct STRUCTURE *result,
char *buffer, size_t buflen, int *errnop H_ERRNO_PROTO
EXTRA_ARGS_DECL)
{
{
int save_errno = errno;
- status = internal_setent (0);
+ status = internal_setent (&stream);
__set_errno (save_errno);
-
- if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0)
- {
- fclose (stream);
- stream = NULL;
- status = NSS_STATUS_UNAVAIL;
- }
}
if (status == NSS_STATUS_SUCCESS)
- {
- /* If the last use was not by the getent function we need the
- position the stream. */
- if (last_use != getent)
- {
- if (fsetpos (stream, &position) < 0)
- status = NSS_STATUS_UNAVAIL;
- else
- last_use = getent;
- }
-
- if (status == NSS_STATUS_SUCCESS)
- {
- status = internal_getent (result, buffer, buflen, errnop
- H_ERRNO_ARG EXTRA_ARGS_VALUE);
-
- /* Remember this position if we were successful. If the
- operation failed we give the user a chance to repeat the
- operation (perhaps the buffer was too small). */
- if (status == NSS_STATUS_SUCCESS)
- fgetpos (stream, &position);
- else
- /* We must make sure we reposition the stream the next call. */
- last_use = nouse;
- }
- }
+ status = internal_getent (stream, result, buffer, buflen, errnop
+ H_ERRNO_ARG EXTRA_ARGS_VALUE);
__libc_lock_unlock (lock);
size_t buflen, int *errnop H_ERRNO_PROTO) \
{ \
enum nss_status status; \
+ FILE *stream = NULL; \
\
- __libc_lock_lock (lock); \
- \
- /* Reset file pointer to beginning or open file. */ \
- status = internal_setent (keep_stream); \
+ /* Open file. */ \
+ status = internal_setent (&stream); \
\
if (status == NSS_STATUS_SUCCESS) \
{ \
- /* Tell getent function that we have repositioned the file pointer. */ \
- last_use = getby; \
- \
- while ((status = internal_getent (result, buffer, buflen, errnop \
+ while ((status = internal_getent (stream, result, buffer, buflen, errnop \
H_ERRNO_ARG EXTRA_ARGS_VALUE)) \
== NSS_STATUS_SUCCESS) \
{ break_if_match } \
\
- if (! keep_stream) \
- internal_endent (); \
+ internal_endent (&stream); \
} \
\
- __libc_lock_unlock (lock); \
- \
return status; \
}
/* Locks the static variables in this file. */
__libc_lock_define_initialized (static, lock)
\f
-/* Maintenance of the shared stream open on the database file. */
+/* Maintenance of the stream open on the database file. For getXXent
+ operations the stream needs to be held open across calls, the other
+ getXXbyYY operations all use their own stream. */
static FILE *stream;
-static fpos_t position;
-static enum { nouse, getent, getby } last_use;
static enum nss_status
-internal_setent (void)
+internal_setent (FILE **stream)
{
enum nss_status status = NSS_STATUS_SUCCESS;
- if (stream == NULL)
+ if (*stream == NULL)
{
- stream = fopen ("/etc/aliases", "rce");
+ *stream = fopen ("/etc/aliases", "rce");
- if (stream == NULL)
+ if (*stream == NULL)
status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
else
{
int result;
int flags;
- result = flags = fcntl (fileno (stream), F_GETFD, 0);
+ result = flags = fcntl (fileno (*stream), F_GETFD, 0);
if (result >= 0)
{
# ifdef O_CLOEXEC
# endif
{
flags |= FD_CLOEXEC;
- result = fcntl (fileno (stream), F_SETFD, flags);
+ result = fcntl (fileno (*stream), F_SETFD, flags);
}
}
if (result < 0)
{
/* Something went wrong. Close the stream and return a
failure. */
- fclose (stream);
+ fclose (*stream);
stream = NULL;
status = NSS_STATUS_UNAVAIL;
}
}
}
else
- rewind (stream);
+ rewind (*stream);
return status;
}
__libc_lock_lock (lock);
- status = internal_setent ();
-
- if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0)
- {
- fclose (stream);
- stream = NULL;
- status = NSS_STATUS_UNAVAIL;
- }
-
- last_use = getent;
+ status = internal_setent (&stream);
__libc_lock_unlock (lock);
/* Close the database file. */
static void
-internal_endent (void)
+internal_endent (FILE **stream)
{
- if (stream != NULL)
+ if (*stream != NULL)
{
- fclose (stream);
- stream = NULL;
+ fclose (*stream);
+ *stream = NULL;
}
}
{
__libc_lock_lock (lock);
- internal_endent ();
+ internal_endent (&stream);
__libc_lock_unlock (lock);
\f
/* Parsing the database file into `struct aliasent' data structures. */
static enum nss_status
-get_next_alias (const char *match, struct aliasent *result,
+get_next_alias (FILE *stream, const char *match, struct aliasent *result,
char *buffer, size_t buflen, int *errnop)
{
enum nss_status status = NSS_STATUS_NOTFOUND;
/* Be prepared that the set*ent function was not called before. */
if (stream == NULL)
- status = internal_setent ();
+ status = internal_setent (&stream);
if (status == NSS_STATUS_SUCCESS)
{
- /* If the last use was not by the getent function we need the
- position the stream. */
- if (last_use != getent)
- {
- if (fsetpos (stream, &position) < 0)
- status = NSS_STATUS_UNAVAIL;
- else
- last_use = getent;
- }
+ result->alias_local = 1;
- if (status == NSS_STATUS_SUCCESS)
- {
- result->alias_local = 1;
-
- /* Read lines until we get a definite result. */
- do
- status = get_next_alias (NULL, result, buffer, buflen, errnop);
- while (status == NSS_STATUS_RETURN);
-
- /* If we successfully read an entry remember this position. */
- if (status == NSS_STATUS_SUCCESS)
- fgetpos (stream, &position);
- else
- last_use = nouse;
- }
+ /* Read lines until we get a definite result. */
+ do
+ status = get_next_alias (stream, NULL, result, buffer, buflen, errnop);
+ while (status == NSS_STATUS_RETURN);
}
__libc_lock_unlock (lock);
{
/* Return next entry in host file. */
enum nss_status status = NSS_STATUS_SUCCESS;
+ FILE *stream = NULL;
if (name == NULL)
{
return NSS_STATUS_UNAVAIL;
}
- __libc_lock_lock (lock);
-
- /* Open the stream or rest it. */
- status = internal_setent ();
- last_use = getby;
+ /* Open the stream. */
+ status = internal_setent (&stream);
if (status == NSS_STATUS_SUCCESS)
{
/* Read lines until we get a definite result. */
do
- status = get_next_alias (name, result, buffer, buflen, errnop);
+ status = get_next_alias (stream, name, result, buffer, buflen, errnop);
while (status == NSS_STATUS_RETURN);
}
- internal_endent ();
-
- __libc_lock_unlock (lock);
+ internal_endent (&stream);
return status;
}
struct STRUCTURE *result, char *buffer, \
size_t buflen, int *errnop H_ERRNO_PROTO) \
{ \
- uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct hostent_data); \
+ FILE *stream = NULL; \
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct hostent_data); \
buffer += pad; \
buflen = buflen > pad ? buflen - pad : 0; \
\
- __libc_lock_lock (lock); \
- \
- /* Reset file pointer to beginning or open file. */ \
- enum nss_status status = internal_setent (keep_stream); \
+ /* Open file. */ \
+ enum nss_status status = internal_setent (&stream); \
\
if (status == NSS_STATUS_SUCCESS) \
{ \
- /* Tell getent function that we have repositioned the file pointer. */ \
- last_use = getby; \
- \
- while ((status = internal_getent (result, buffer, buflen, errnop \
- H_ERRNO_ARG EXTRA_ARGS_VALUE)) \
+ while ((status = internal_getent (stream, result, buffer, buflen, \
+ errnop H_ERRNO_ARG EXTRA_ARGS_VALUE)) \
== NSS_STATUS_SUCCESS) \
{ break_if_match } \
\
bufferend = (char *) &result->h_aliases[naliases + 1]; \
\
again: \
- while ((status = internal_getent (&tmp_result_buf, tmp_buffer, \
- tmp_buflen, errnop H_ERRNO_ARG \
- EXTRA_ARGS_VALUE)) \
+ while ((status = internal_getent (stream, &tmp_result_buf, \
+ tmp_buffer, tmp_buflen, errnop \
+ H_ERRNO_ARG EXTRA_ARGS_VALUE)) \
== NSS_STATUS_SUCCESS) \
{ \
int matches = 1; \
} \
\
\
- if (! keep_stream) \
- internal_endent (); \
+ internal_endent (&stream); \
} \
\
- __libc_lock_unlock (lock); \
- \
return status; \
}
}, const void *addr, socklen_t len, int af)
#undef EXTRA_ARGS_VALUE
-
enum nss_status
_nss_files_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
char *buffer, size_t buflen, int *errnop,
int *herrnop, int32_t *ttlp)
{
- __libc_lock_lock (lock);
+ FILE *stream = NULL;
- /* Reset file pointer to beginning or open file. */
- enum nss_status status = internal_setent (keep_stream);
+ /* Open file. */
+ enum nss_status status = internal_setent (&stream);
if (status == NSS_STATUS_SUCCESS)
{
- /* Tell getent function that we have repositioned the file pointer. */
- last_use = getby;
-
bool any = false;
bool got_canon = false;
while (1)
buflen = buflen > pad ? buflen - pad : 0;
struct hostent result;
- status = internal_getent (&result, buffer, buflen, errnop
+ status = internal_getent (stream, &result, buffer, buflen, errnop
H_ERRNO_ARG, AF_UNSPEC, 0);
if (status != NSS_STATUS_SUCCESS)
break;
status = NSS_STATUS_SUCCESS;
}
- if (! keep_stream)
- internal_endent ();
+ internal_endent (&stream);
}
else if (status == NSS_STATUS_TRYAGAIN)
{
*herrnop = NO_DATA;
}
- __libc_lock_unlock (lock);
-
return status;
}
projects / thirdparty / glibc.git / commitdiff
