Return NULL for wildcard values in getnetgrent from nscd (BZ #16759)

getnetgrent is supposed to return NULL for values that are wildcards
in the (host, user, domain) triplet.  This works correctly with nscd
disabled, but with it enabled, it returns a blank ("") instead of a
NULL.  This is easily seen with the output of `getent netgroup foonet`
for a netgroup foonet defined as follows in /etc/netgroup:

    foonet (,foo,)

The output with nscd disabled is:

    foonet ( ,foo,)

while with nscd enabled, it is:

    foonet (,foo,)

The extra space with nscd disabled is due to the fact that `getent
netgroup` adds it if the return value from getnetgrent is NULL for
either host or user.

(cherry picked from commit dd3022d75e6fb8957843d6d84257a5d8457822d5)

diff --git a/ChangeLog b/ChangeLog
index 3cb4c4d2a1cddf94683571cf84e5440a553ec24e..896b564707fcc275c001bea97c2604124380e001 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@
        * nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
        blank values.
 
+       [BZ #16759]
+       * inet/getnetgrent_r.c (get_nonempty_val): New function.
+       (nscd_getnetgrent): Use it.
+
 2015-11-24  Andreas Schwab  <schwab@suse.de>
 
        [BZ #17062]

diff --git a/NEWS b/NEWS
index 9771c0792dc22d44f1cdcd6ba2a784a23081a772..6f295a201a12d7ee3839d0a2de553723b6b6c4ea 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,9 +9,9 @@ Version 2.19.1
 
 * The following bugs are resolved with this release:
 
-  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16878, 16882,
-  16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137,
-  17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
+  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16759, 16878,
+  16882, 16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079,
+  17137, 17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
 
 * A buffer overflow in gethostbyname_r and related functions performing DNS
   requests has been fixed.  If the NSS functions were called with a

diff --git a/inet/getnetgrent_r.c b/inet/getnetgrent_r.c
index 62cdfda9cbbde7ab3ea0a09dde79c8d9a624cbb9..f6d064dbb5faeb8c80ba846bcb0784bcdcec37e8 100644 (file)
--- a/inet/getnetgrent_r.c
+++ b/inet/getnetgrent_r.c
@@ -235,6 +235,14 @@ endnetgrent (void)
 }
 
 #ifdef USE_NSCD
+static const char *
+get_nonempty_val (const char *in)
+{
+  if (*in == '\0')
+    return NULL;
+  return in;
+}
+
 static enum nss_status
 nscd_getnetgrent (struct __netgrent *datap, char *buffer, size_t buflen,
                  int *errnop)
@@ -243,11 +251,11 @@ nscd_getnetgrent (struct __netgrent *datap, char *buffer, size_t buflen,
     return NSS_STATUS_UNAVAIL;
 
   datap->type = triple_val;
-  datap->val.triple.host = datap->cursor;
+  datap->val.triple.host = get_nonempty_val (datap->cursor);
   datap->cursor = (char *) __rawmemchr (datap->cursor, '\0') + 1;
-  datap->val.triple.user = datap->cursor;
+  datap->val.triple.user = get_nonempty_val (datap->cursor);
   datap->cursor = (char *) __rawmemchr (datap->cursor, '\0') + 1;
-  datap->val.triple.domain = datap->cursor;
+  datap->val.triple.domain = get_nonempty_val (datap->cursor);
   datap->cursor = (char *) __rawmemchr (datap->cursor, '\0') + 1;
 
   return NSS_STATUS_SUCCESS;