From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Thu, 26 Jul 2018 08:16:25 +0000 (+0200)
Subject: Merge pull request #9504 from poettering/nss-deadlock
X-Git-Tag: v240~892
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=54fe2ce1b943b55162cc35b28e976c4fbf490dae;p=thirdparty%2Fsystemd.git

Merge pull request #9504 from poettering/nss-deadlock

some nss deadlock love
---

54fe2ce1b943b55162cc35b28e976c4fbf490dae
diff --cc src/nss-mymachines/nss-mymachines.c
index 9b81cd9ad16,d56d3b4c214..3d1fc283533
--- a/src/nss-mymachines/nss-mymachines.c
+++ b/src/nss-mymachines/nss-mymachines.c
@@@ -423,8 -446,13 +447,13 @@@ enum nss_status _nss_mymachines_getpwna
                  /* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve
                   * these UIDs, but that should be unproblematic as containers should never be able to connect to a bus
                   * running on the host. */
 -                goto not_found;
 +                return NSS_STATUS_NOTFOUND;
  
+         if (avoid_deadlock()) {
+                 r = -EDEADLK;
+                 goto fail;
+         }
+ 
          r = sd_bus_open_system(&bus);
          if (r < 0)
                  goto fail;
@@@ -497,11 -529,16 +526,16 @@@ enum nss_status _nss_mymachines_getpwui
  
          /* We consider all uids < 65536 host uids */
          if (uid < HOST_UID_LIMIT)
 -                goto not_found;
 +                return NSS_STATUS_NOTFOUND;
  
          if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
 -                goto not_found;
 +                return NSS_STATUS_NOTFOUND;
  
+         if (avoid_deadlock()) {
+                 r = -EDEADLK;
+                 goto fail;
+         }
+ 
          r = sd_bus_open_system(&bus);
          if (r < 0)
                  goto fail;
@@@ -589,11 -630,16 +623,16 @@@ enum nss_status _nss_mymachines_getgrna
  
          machine = strndupa(p, e - p);
          if (!machine_name_is_valid(machine))
 -                goto not_found;
 +                return NSS_STATUS_NOTFOUND;
  
          if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
 -                goto not_found;
 +                return NSS_STATUS_NOTFOUND;
  
+         if (avoid_deadlock()) {
+                 r = -EDEADLK;
+                 goto fail;
+         }
+ 
          r = sd_bus_open_system(&bus);
          if (r < 0)
                  goto fail;
@@@ -663,11 -713,16 +702,16 @@@ enum nss_status _nss_mymachines_getgrgi
  
          /* We consider all gids < 65536 host gids */
          if (gid < HOST_GID_LIMIT)
 -                goto not_found;
 +                return NSS_STATUS_NOTFOUND;
  
          if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
 -                goto not_found;
 +                return NSS_STATUS_NOTFOUND;
  
+         if (avoid_deadlock()) {
+                 r = -EDEADLK;
+                 goto fail;
+         }
+ 
          r = sd_bus_open_system(&bus);
          if (r < 0)
                  goto fail;