Date: Wed,  1 Sep 2021 15:27:27 -0300
From: Érico Nogueira <ericonr@...root.org>
To: musl@...ts.openwall.com
Cc: Érico Nogueira <ericonr@...root.org>
Subject: [PATCH v2] fix nscd querying when the daemon is disabled for some query types

for example, glibc's nscd, configured with `enable-cache passwd no`,
will still answer passwd queries, but with a message that simply
indicates it's disabled passwd querying. this is done by setting the
passwdbuf[PWFOUND] field to -1, which we used to evaluate as "true" for
the entry having been found, and then errored out when the rest of the
query response had the length fields set to 0 instead of 1 (which is
what we expect from empty fields, since they should contain an empty
string).  this is the case for group and initgroups queries as well.

from our point of view, buf[xxFOUND] being -1 can be treated the same as
if it was 0: a -1 response is equivalent to no nscd daemon running at
all, and we treat daemon unavailability the same as the daemon not
knowing about our query. to simplify the code, we discard any answers
with negative buf[xxFOUND].
---
 src/passwd/getgr_a.c      | 2 +-
 src/passwd/getgrouplist.c | 2 +-
 src/passwd/getpw_a.c      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/passwd/getgr_a.c b/src/passwd/getgr_a.c
index afeb1ece..dbb9a4a1 100644
--- a/src/passwd/getgr_a.c
+++ b/src/passwd/getgr_a.c
@@ -64,7 +64,7 @@ int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t
 		f = __nscd_query(req, key, groupbuf, sizeof groupbuf, &swap);
 		if (!f) { rv = errno; goto done; }
 
-		if (!groupbuf[GRFOUND]) { rv = 0; goto cleanup_f; }
+		if (groupbuf[GRFOUND] <= 0) { rv = 0; goto cleanup_f; }
 
 		if (!groupbuf[GRNAMELEN] || !groupbuf[GRPASSWDLEN]) {
 			rv = EIO;
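Review bot: the new `groupbuf[GRFOUND] <= 0` test only catches the -1 "disabled" reply if the elements of groupbuf are a signed type, and the declaration is outside this hunk. With unsigned elements -1 would compare as a large positive value and the line would behave exactly like the old `!groupbuf[GRFOUND]`, falling through to the EIO branch below. Please confirm the element type, or note it in the commit message, so the dependency is on record.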
diff --git a/src/passwd/getgrouplist.c b/src/passwd/getgrouplist.c
index 301824ce..91e29612 100644
--- a/src/passwd/getgrouplist.c
+++ b/src/passwd/getgrouplist.c
@@ -28,7 +28,7 @@ int getgrouplist(const char *user, gid_t gid, gid_t *groups, int *ngroups)
 
 	f = __nscd_query(GETINITGR, user, resp, sizeof resp, &swap);
 	if (!f) goto cleanup;
-	if (resp[INITGRFOUND]) {
+	if (resp[INITGRFOUND] > 0) {
 		nscdbuf = calloc(resp[INITGRNGRPS], sizeof(uint32_t));
 		if (!nscdbuf) goto cleanup;
 		size_t nbytes = sizeof(*nscdbuf)*resp[INITGRNGRPS];
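Review bot: in the context lines right after the changed test, resp[INITGRNGRPS] goes straight into calloc and into the nbytes multiplication with no sign check of its own. Since this patch already stops trusting the sign of resp[INITGRFOUND], consider rejecting a negative group count at the same point (for instance with a goto cleanup), so that a malformed reply fails on an explicit check instead of depending on how the allocation reacts to the converted value.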
diff --git a/src/passwd/getpw_a.c b/src/passwd/getpw_a.c
index 15a70c03..2479f7d2 100644
--- a/src/passwd/getpw_a.c
+++ b/src/passwd/getpw_a.c
@@ -65,7 +65,7 @@ int __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf, size_t
 		f = __nscd_query(req, key, passwdbuf, sizeof passwdbuf, (int[]){0});
 		if (!f) { rv = errno; goto done; }
 
-		if(!passwdbuf[PWFOUND]) { rv = 0; goto cleanup_f; }
+		if(passwdbuf[PWFOUND] <= 0) { rv = 0; goto cleanup_f; }
 
 		/* A zero length response from nscd is invalid. We ignore
 		 * invalid responses and just report an error, rather than
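Review bot: the `passwdbuf[PWFOUND] <= 0` line has no comment, while the block comment just below it documents the zero-length case, so a reader of the file cannot tell why a negative value is accepted as "not found". Suggest a one-line comment above the check saying that a negative found field means the daemon has this service disabled and is treated like a miss, as the commit message explains. The same comment would fit the matching lines in getgr_a.c and getgrouplist.c.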
-- 
2.33.0
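
The behaviour change described in the commit message, as an added example that is not part of the original patch or of musl's code. The four-field header layout, the function names and the sample headers are assumptions constructed for illustration; the last function shows why the fix depends on the fields being signed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, shortened header layout (assumption for this example). */
enum { H_VERSION, H_FOUND, H_NAMELEN, H_PASSWDLEN, H_LEN };
enum { LOOKUP_MISS = 0, LOOKUP_HIT = 1 };

/* Old check: any nonzero FOUND counts as a hit, so -1 reaches the
 * length validation and fails there with EIO. */
int classify_old(const int32_t *h)
{
	if (!h[H_FOUND]) return LOOKUP_MISS;
	if (!h[H_NAMELEN] || !h[H_PASSWDLEN]) return -EIO;
	return LOOKUP_HIT;
}

/* Patched check: a negative FOUND is discarded like a miss. */
int classify_new(const int32_t *h)
{
	if (h[H_FOUND] <= 0) return LOOKUP_MISS;
	if (!h[H_NAMELEN] || !h[H_PASSWDLEN]) return -EIO;
	return LOOKUP_HIT;
}

/* Same patched test on unsigned fields: -1 reads as 0xffffffff, so
 * "<= 0" matches only 0 and the old behaviour comes back. */
int classify_new_unsigned(const uint32_t *h)
{
	if (h[H_FOUND] <= 0) return LOOKUP_MISS;
	if (!h[H_NAMELEN] || !h[H_PASSWDLEN]) return -EIO;
	return LOOKUP_HIT;
}

/* Constructed sample headers, not captured from a real daemon. */
static const int32_t hdr_disabled[H_LEN] = { 2, -1, 0, 0 };
static const int32_t hdr_miss[H_LEN]     = { 2,  0, 0, 0 };
static const int32_t hdr_hit[H_LEN]      = { 2,  1, 5, 2 };
static const int32_t hdr_bad[H_LEN]      = { 2,  1, 0, 1 };

int main(void)
{
	printf("disabled: old=%d new=%d unsigned=%d\n",
	       classify_old(hdr_disabled), classify_new(hdr_disabled),
	       classify_new_unsigned((const uint32_t *)hdr_disabled));
	printf("zero-length hit: new=%d\n", classify_new(hdr_bad));
	return 0;
}
```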
