aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Jelinek <jakub@redhat.com>2007-01-31 09:14:21 +0000
committerJakub Jelinek <jakub@redhat.com>2007-01-31 09:14:21 +0000
commit1a77d37f9228d51d727f1caff2689137785232b9 (patch)
treed59b0c6fe37e90d5fa0cb1d2ce7e795521ac53cb /nscd/nscd_getgr_r.c
parent* misc/hsearch_r.c (hdestroy_r): Remove unnecessary test. (diff)
downloadglibc-1a77d37f9228d51d727f1caff2689137785232b9.tar.gz
glibc-1a77d37f9228d51d727f1caff2689137785232b9.tar.bz2
glibc-1a77d37f9228d51d727f1caff2689137785232b9.zip
* nscd/nscd-client.h (__nscd_cache_search): Remove const qualifier
from return value. * nscd/nscd_helper.c: Include string.h. (__nscd_cache_search): Remove const qualifier from return value. On strict alignment architectures check hash entry and data head alignment. * nscd/nscd_getpw_r.c (nscd_getpw_r): Don't crash or fail because mmapped data during GC cycle contains garbage. If __nscd_drop_map_ref fails, decrement mapped->counter when returning error or if retrying with NO_MAPPING, only __nscd_unmap if counter dropped to 0. * nscd/nscd_getgr_r.c (nscd_getgr_r): Likewise. * nscd/nscd_initgroups.c (__nscd_getgrouplist): Likewise. * nscd/nscd_gethst_r.c (nscd_gethst_r): Likewise. * nscd/nscd_getai.c (__nscd_getai): Likewise. * nscd/nscd_getserv_r.c (nscd_getserv_r): Likewise. 2007-01-31 Jakub Jelinek <jakub@redhat.com> * nscd/nscd-client.h (__nscd_cache_search): Remove const qualifier from return value. * nscd/nscd_helper.c: Include string.h. (__nscd_cache_search): Remove const qualifier from return value. On strict alignment architectures check hash entry and data head alignment. * nscd/nscd_getpw_r.c (nscd_getpw_r): Don't crash or fail because mmapped data during GC cycle contains garbage. If __nscd_drop_map_ref fails, decrement mapped->counter when returning error or if retrying with NO_MAPPING, only __nscd_unmap if counter dropped to 0. * nscd/nscd_getgr_r.c (nscd_getgr_r): Likewise. * nscd/nscd_initgroups.c (__nscd_getgrouplist): Likewise. * nscd/nscd_gethst_r.c (nscd_gethst_r): Likewise. * nscd/nscd_getai.c (__nscd_getai): Likewise. * nscd/nscd_getserv_r.c (nscd_getserv_r): Likewise.
Diffstat (limited to 'nscd/nscd_getgr_r.c')
-rw-r--r--nscd/nscd_getgr_r.c108
1 files changed, 66 insertions, 42 deletions
diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c
index 922b906c19..fc036f2888 100644
--- a/nscd/nscd_getgr_r.c
+++ b/nscd/nscd_getgr_r.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1998-2000, 2002-2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 1998-2000, 2002-2005, 2006, 2007
+ Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998.
@@ -88,6 +89,7 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
struct group **result)
{
int gc_cycle;
+ int nretries = 0;
const uint32_t *len = NULL;
size_t lensize = 0;
@@ -97,55 +99,59 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
&__gr_map_handle,
&gc_cycle);
retry:;
- const gr_response_header *gr_resp = NULL;
const char *gr_name = NULL;
size_t gr_name_len = 0;
int retval = -1;
const char *recend = (const char *) ~UINTMAX_C (0);
+ gr_response_header gr_resp;
if (mapped != NO_MAPPING)
{
- const struct datahead *found = __nscd_cache_search (type, key, keylen,
- mapped);
+ struct datahead *found = __nscd_cache_search (type, key, keylen, mapped);
if (found != NULL)
{
- gr_resp = &found->data[0].grdata;
- len = (const uint32_t *) (gr_resp + 1);
- /* The alignment is always sufficient. */
- assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0);
+ len = (const uint32_t *) (&found->data[0].grdata + 1);
+ gr_resp = found->data[0].grdata;
gr_name = ((const char *) len
- + gr_resp->gr_mem_cnt * sizeof (uint32_t));
- gr_name_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len;
+ + gr_resp.gr_mem_cnt * sizeof (uint32_t));
+ gr_name_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
recend = (const char *) found->data + found->recsize;
+ /* Now check if we can trust gr_resp fields. If GC is
+ in progress, it can contain anything. */
+ if (mapped->head->gc_cycle != gc_cycle)
+ {
+ retval = -2;
+ goto out;
+ }
+
+ /* The alignment is always sufficient, unless GC is in progress. */
+ assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0);
}
}
- gr_response_header gr_resp_mem;
int sock = -1;
- if (gr_resp == NULL)
+ if (gr_name == NULL)
{
- sock = __nscd_open_socket (key, keylen, type, &gr_resp_mem,
- sizeof (gr_resp_mem));
+ sock = __nscd_open_socket (key, keylen, type, &gr_resp,
+ sizeof (gr_resp));
if (sock == -1)
{
__nss_not_use_nscd_group = 1;
goto out;
}
-
- gr_resp = &gr_resp_mem;
}
/* No value found so far. */
*result = NULL;
- if (__builtin_expect (gr_resp->found == -1, 0))
+ if (__builtin_expect (gr_resp.found == -1, 0))
{
/* The daemon does not cache this database. */
__nss_not_use_nscd_group = 1;
goto out_close;
}
- if (gr_resp->found == 1)
+ if (gr_resp.found == 1)
{
struct iovec vec[2];
char *p = buffer;
@@ -157,8 +163,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
align the pointer. */
align = ((__alignof__ (char *) - (p - ((char *) 0)))
& (__alignof__ (char *) - 1));
- total_len = (align + (1 + gr_resp->gr_mem_cnt) * sizeof (char *)
- + gr_resp->gr_name_len + gr_resp->gr_passwd_len);
+ total_len = (align + (1 + gr_resp.gr_mem_cnt) * sizeof (char *)
+ + gr_resp.gr_name_len + gr_resp.gr_passwd_len);
if (__builtin_expect (buflen < total_len, 0))
{
no_room:
@@ -170,16 +176,16 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
p += align;
resultbuf->gr_mem = (char **) p;
- p += (1 + gr_resp->gr_mem_cnt) * sizeof (char *);
+ p += (1 + gr_resp.gr_mem_cnt) * sizeof (char *);
/* Set pointers for strings. */
resultbuf->gr_name = p;
- p += gr_resp->gr_name_len;
+ p += gr_resp.gr_name_len;
resultbuf->gr_passwd = p;
- p += gr_resp->gr_passwd_len;
+ p += gr_resp.gr_passwd_len;
/* Fill in what we know now. */
- resultbuf->gr_gid = gr_resp->gr_gid;
+ resultbuf->gr_gid = gr_resp.gr_gid;
/* Read the length information, group name, and password. */
if (gr_name == NULL)
@@ -187,17 +193,17 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
/* Allocate array to store lengths. */
if (lensize == 0)
{
- lensize = gr_resp->gr_mem_cnt * sizeof (uint32_t);
+ lensize = gr_resp.gr_mem_cnt * sizeof (uint32_t);
len = (uint32_t *) alloca (lensize);
}
- else if (gr_resp->gr_mem_cnt * sizeof (uint32_t) > lensize)
+ else if (gr_resp.gr_mem_cnt * sizeof (uint32_t) > lensize)
len = extend_alloca (len, lensize,
- gr_resp->gr_mem_cnt * sizeof (uint32_t));
+ gr_resp.gr_mem_cnt * sizeof (uint32_t));
vec[0].iov_base = (void *) len;
- vec[0].iov_len = gr_resp->gr_mem_cnt * sizeof (uint32_t);
+ vec[0].iov_len = gr_resp.gr_mem_cnt * sizeof (uint32_t);
vec[1].iov_base = resultbuf->gr_name;
- vec[1].iov_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len;
+ vec[1].iov_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
total_len = vec[0].iov_len + vec[1].iov_len;
/* Get this data. */
@@ -209,14 +215,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
/* We already have the data. Just copy the group name and
password. */
memcpy (resultbuf->gr_name, gr_name,
- gr_resp->gr_name_len + gr_resp->gr_passwd_len);
+ gr_resp.gr_name_len + gr_resp.gr_passwd_len);
/* Clear the terminating entry. */
- resultbuf->gr_mem[gr_resp->gr_mem_cnt] = NULL;
+ resultbuf->gr_mem[gr_resp.gr_mem_cnt] = NULL;
/* Prepare reading the group members. */
total_len = 0;
- for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt)
+ for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
{
resultbuf->gr_mem[cnt] = p;
total_len += len[cnt];
@@ -224,9 +230,25 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
}
if (__builtin_expect (gr_name + gr_name_len + total_len > recend, 0))
- goto out_close;
+ {
+ /* len array might contain garbage during nscd GC cycle,
+ retry rather than fail in that case. */
+ if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
+ retval = -2;
+ goto out_close;
+ }
if (__builtin_expect (total_len > buflen, 0))
- goto no_room;
+ {
+ /* len array might contain garbage during nscd GC cycle,
+ retry rather than fail in that case. */
+ if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
+ {
+ retval = -2;
+ goto out_close;
+ }
+ else
+ goto no_room;
+ }
retval = 0;
if (gr_name == NULL)
@@ -248,14 +270,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
/* Try to detect corrupt databases. */
if (resultbuf->gr_name[gr_name_len - 1] != '\0'
- || resultbuf->gr_passwd[gr_resp->gr_passwd_len - 1] != '\0'
- || ({for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt)
+ || resultbuf->gr_passwd[gr_resp.gr_passwd_len - 1] != '\0'
+ || ({for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0')
break;
- cnt < gr_resp->gr_mem_cnt; }))
+ cnt < gr_resp.gr_mem_cnt; }))
{
/* We cannot use the database. */
- retval = -1;
+ retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1;
goto out_close;
}
@@ -274,19 +296,21 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type,
if (sock != -1)
close_not_cancel_no_status (sock);
out:
- if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
+ if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
{
/* When we come here this means there has been a GC cycle while we
were looking for the data. This means the data might have been
inconsistent. Retry if possible. */
- if ((gc_cycle & 1) != 0)
+ if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
{
/* nscd is just running gc now. Disable using the mapping. */
- __nscd_unmap (mapped);
+ if (atomic_decrement_val (&mapped->counter) == 0)
+ __nscd_unmap (mapped);
mapped = NO_MAPPING;
}
- goto retry;
+ if (retval != -1)
+ goto retry;
}
return retval;