Permalink
Browse files

nss_db: Propagate ERANGE error if parse_line fails [BZ #19837]

Reproducer (needs to run as root):

perl -e \
  'print "large999:" . join(",", map {"user$_"} (1 .. 135))."\n"' \
  >> /etc/group
cd /var/db
make
getent -s db group

After the fix, the last command should list the "large" group.

The magic number 135 has been chosen so that the line is shorter than
1024 bytes, but the pointers required to encode the member array will
cross the threshold, triggering the bug.
  • Loading branch information...
Florian Weimer
Florian Weimer committed Mar 29, 2016
1 parent 0791f91 commit a6033052d08027f745867e5e346852da1959226c
Showing with 8 additions and 2 deletions.
  1. +6 −0 ChangeLog
  2. +2 −2 nss/nss_db/db-XXX.c
@@ -1,3 +1,9 @@
2016-03-29 Florian Weimer <fweimer@redhat.com>

[BZ #19837]
* nss/nss_db/db-XXX.c (_nss_db_getENTNAME_r): Propagate ERANGE
error if parse_line fails.

2016-03-28 H.J. Lu <hongjiu.lu@intel.com>

* sysdeps/x86/cpu-features.h (bit_cpu_ERMS): New.
@@ -288,8 +288,8 @@ CONCAT(_nss_db_get,ENTNAME_r) (struct STRUCTURE *result, char *buffer,
}
if (err < 0)
{
H_ERRNO_SET (HOST_NOT_FOUND);
status = NSS_STATUS_NOTFOUND;
H_ERRNO_SET (NETDB_INTERNAL);
status = NSS_STATUS_TRYAGAIN;
break;
}

0 comments on commit a603305

Please sign in to comment.