[02/11] nss_compat: Do not use mmap to read database files (bug 26258)

Message ID df85d85088d06f7161d4c7719a56ec231d356e6d.1594974444.git.fweimer@redhat.com
State New
Headers show
Series
  • Fix fgetsgent_r data corruption bug (20338)
Related show

Commit Message

Alejandro Colomar via Libc-alpha July 17, 2020, 8:30 a.m.
This avoids crashes in case the files are truncated for some reason.
For typically file sizes, it is also going to be slightly faster.
Using __nss_files_fopen instead mirrors what nss_files does.
---
 nss/nss_compat/compat-grp.c        | 6 ++----
 nss/nss_compat/compat-initgroups.c | 6 ++----
 nss/nss_compat/compat-pwd.c        | 6 ++----
 nss/nss_compat/compat-spwd.c       | 6 ++----
 4 files changed, 8 insertions(+), 16 deletions(-)

-- 
2.26.2

Comments

Alejandro Colomar via Libc-alpha July 21, 2020, 3:27 a.m. | #1
On 7/17/20 4:30 AM, Florian Weimer via Libc-alpha wrote:
> This avoids crashes in case the files are truncated for some reason.

> For typically file sizes, it is also going to be slightly faster.

> Using __nss_files_fopen instead mirrors what nss_files does.


OK for 2.32.

Correct, using __nss_files_fopen activates the handle resulting in
use of the underlying caches.

Tested-by: Carlos O'Donell <carlos@redhat.com>

Reviewed-by: Carlos O'Donell <carlos@redhat.com>


> ---

>  nss/nss_compat/compat-grp.c        | 6 ++----

>  nss/nss_compat/compat-initgroups.c | 6 ++----

>  nss/nss_compat/compat-pwd.c        | 6 ++----

>  nss/nss_compat/compat-spwd.c       | 6 ++----

>  4 files changed, 8 insertions(+), 16 deletions(-)

> 

> diff --git a/nss/nss_compat/compat-grp.c b/nss/nss_compat/compat-grp.c

> index d4f750b95c..510d49e8c7 100644

> --- a/nss/nss_compat/compat-grp.c

> +++ b/nss/nss_compat/compat-grp.c

> @@ -26,6 +26,7 @@

>  #include <string.h>

>  #include <libc-lock.h>

>  #include <kernel-features.h>

> +#include <nss_files.h>


OK.

>  

>  NSS_DECLARE_MODULE_FUNCTIONS (compat)

>  

> @@ -108,13 +109,10 @@ internal_setgrent (ent_t *ent, int stayopen, int needent)

>  

>    if (ent->stream == NULL)

>      {

> -      ent->stream = fopen ("/etc/group", "rme");

> +      ent->stream = __nss_files_fopen ("/etc/group");

>  

>        if (ent->stream == NULL)

>  	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;

> -      else

> -	/* We take care of locking ourself.  */

> -	__fsetlocking (ent->stream, FSETLOCKING_BYCALLER);

>      }

>    else

>      rewind (ent->stream);

> diff --git a/nss/nss_compat/compat-initgroups.c b/nss/nss_compat/compat-initgroups.c

> index 3671bef48b..c0dcdf839d 100644

> --- a/nss/nss_compat/compat-initgroups.c

> +++ b/nss/nss_compat/compat-initgroups.c

> @@ -29,6 +29,7 @@

>  #include <libc-lock.h>

>  #include <kernel-features.h>

>  #include <scratch_buffer.h>

> +#include <nss_files.h>

>  

>  NSS_DECLARE_MODULE_FUNCTIONS (compat)

>  

> @@ -122,13 +123,10 @@ internal_setgrent (ent_t *ent)

>    else

>      ent->blacklist.current = 0;

>  

> -  ent->stream = fopen ("/etc/group", "rme");

> +  ent->stream = __nss_files_fopen ("/etc/group");

>  

>    if (ent->stream == NULL)

>      status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;

> -  else

> -    /* We take care of locking ourself.  */

> -    __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);

>  

>    return status;

>  }

> diff --git a/nss/nss_compat/compat-pwd.c b/nss/nss_compat/compat-pwd.c

> index 394e39b811..3a212a0dab 100644

> --- a/nss/nss_compat/compat-pwd.c

> +++ b/nss/nss_compat/compat-pwd.c

> @@ -27,6 +27,7 @@

>  #include <string.h>

>  #include <libc-lock.h>

>  #include <kernel-features.h>

> +#include <nss_files.h>

>  

>  #include "netgroup.h"

>  #include "nisdomain.h"

> @@ -223,13 +224,10 @@ internal_setpwent (ent_t *ent, int stayopen, int needent)

>  

>    if (ent->stream == NULL)

>      {

> -      ent->stream = fopen ("/etc/passwd", "rme");

> +      ent->stream = __nss_files_fopen ("/etc/passwd");

>  

>        if (ent->stream == NULL)

>  	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;

> -      else

> -	/* We take care of locking ourself.  */

> -	__fsetlocking (ent->stream, FSETLOCKING_BYCALLER);

>      }

>    else

>      rewind (ent->stream);

> diff --git a/nss/nss_compat/compat-spwd.c b/nss/nss_compat/compat-spwd.c

> index ec5bf283cd..d802ee0302 100644

> --- a/nss/nss_compat/compat-spwd.c

> +++ b/nss/nss_compat/compat-spwd.c

> @@ -27,6 +27,7 @@

>  #include <string.h>

>  #include <libc-lock.h>

>  #include <kernel-features.h>

> +#include <nss_files.h>

>  

>  #include "netgroup.h"

>  #include "nisdomain.h"

> @@ -179,13 +180,10 @@ internal_setspent (ent_t *ent, int stayopen, int needent)

>  

>    if (ent->stream == NULL)

>      {

> -      ent->stream = fopen ("/etc/shadow", "rme");

> +      ent->stream = __nss_files_fopen ("/etc/shadow");

>  

>        if (ent->stream == NULL)

>  	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;

> -      else

> -	/* We take care of locking ourself.  */

> -	__fsetlocking (ent->stream, FSETLOCKING_BYCALLER);

>      }

>    else

>      rewind (ent->stream);

> 



-- 
Cheers,
Carlos.

Patch

diff --git a/nss/nss_compat/compat-grp.c b/nss/nss_compat/compat-grp.c
index d4f750b95c..510d49e8c7 100644
--- a/nss/nss_compat/compat-grp.c
+++ b/nss/nss_compat/compat-grp.c
@@ -26,6 +26,7 @@ 
 #include <string.h>
 #include <libc-lock.h>
 #include <kernel-features.h>
+#include <nss_files.h>
 
 NSS_DECLARE_MODULE_FUNCTIONS (compat)
 
@@ -108,13 +109,10 @@  internal_setgrent (ent_t *ent, int stayopen, int needent)
 
   if (ent->stream == NULL)
     {
-      ent->stream = fopen ("/etc/group", "rme");
+      ent->stream = __nss_files_fopen ("/etc/group");
 
       if (ent->stream == NULL)
 	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
-      else
-	/* We take care of locking ourself.  */
-	__fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
     }
   else
     rewind (ent->stream);
diff --git a/nss/nss_compat/compat-initgroups.c b/nss/nss_compat/compat-initgroups.c
index 3671bef48b..c0dcdf839d 100644
--- a/nss/nss_compat/compat-initgroups.c
+++ b/nss/nss_compat/compat-initgroups.c
@@ -29,6 +29,7 @@ 
 #include <libc-lock.h>
 #include <kernel-features.h>
 #include <scratch_buffer.h>
+#include <nss_files.h>
 
 NSS_DECLARE_MODULE_FUNCTIONS (compat)
 
@@ -122,13 +123,10 @@  internal_setgrent (ent_t *ent)
   else
     ent->blacklist.current = 0;
 
-  ent->stream = fopen ("/etc/group", "rme");
+  ent->stream = __nss_files_fopen ("/etc/group");
 
   if (ent->stream == NULL)
     status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
-  else
-    /* We take care of locking ourself.  */
-    __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
 
   return status;
 }
diff --git a/nss/nss_compat/compat-pwd.c b/nss/nss_compat/compat-pwd.c
index 394e39b811..3a212a0dab 100644
--- a/nss/nss_compat/compat-pwd.c
+++ b/nss/nss_compat/compat-pwd.c
@@ -27,6 +27,7 @@ 
 #include <string.h>
 #include <libc-lock.h>
 #include <kernel-features.h>
+#include <nss_files.h>
 
 #include "netgroup.h"
 #include "nisdomain.h"
@@ -223,13 +224,10 @@  internal_setpwent (ent_t *ent, int stayopen, int needent)
 
   if (ent->stream == NULL)
     {
-      ent->stream = fopen ("/etc/passwd", "rme");
+      ent->stream = __nss_files_fopen ("/etc/passwd");
 
       if (ent->stream == NULL)
 	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
-      else
-	/* We take care of locking ourself.  */
-	__fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
     }
   else
     rewind (ent->stream);
diff --git a/nss/nss_compat/compat-spwd.c b/nss/nss_compat/compat-spwd.c
index ec5bf283cd..d802ee0302 100644
--- a/nss/nss_compat/compat-spwd.c
+++ b/nss/nss_compat/compat-spwd.c
@@ -27,6 +27,7 @@ 
 #include <string.h>
 #include <libc-lock.h>
 #include <kernel-features.h>
+#include <nss_files.h>
 
 #include "netgroup.h"
 #include "nisdomain.h"
@@ -179,13 +180,10 @@  internal_setspent (ent_t *ent, int stayopen, int needent)
 
   if (ent->stream == NULL)
     {
-      ent->stream = fopen ("/etc/shadow", "rme");
+      ent->stream = __nss_files_fopen ("/etc/shadow");
 
       if (ent->stream == NULL)
 	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
-      else
-	/* We take care of locking ourself.  */
-	__fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
     }
   else
     rewind (ent->stream);