From 64085ac9dbc95bc7b227f24a9a8ec78952c68227 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 11 Jul 2018 22:18:41 +0200
Subject: [PATCH] MC: Remove check if record is in the mapped address space
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There is a check in the memory cache code that checks if a record pointer
points to the mmapped region. But since some time ago, we return not
a pointer to the mmapped region itself, but a copy to avoid issues with
invalidating an entry while the same entry is being returned.
In most cases, the check is correct, simply because of how memory is laid
out on Linux, but in some cases the check was failing and causing a high
load of SSSD.
Signed-off-by: Jakub Hrozek <jhrozek@redhat.com>
Resolves:
https://pagure.io/SSSD/sssd/issue/3776
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit f1c2d4139b6107ee3e9bec0cbe5bf8c2ea8428b2)
DOWNSTREAM:
Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped
---
src/sss_client/nss_mc_group.c | 4 +---
src/sss_client/nss_mc_initgr.c | 5 +----
src/sss_client/nss_mc_passwd.c | 4 +---
3 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/src/sss_client/nss_mc_group.c b/src/sss_client/nss_mc_group.c
index 6a2336b6116f198adea94f9eda9d9632f9fc8268..3371e0ffc274cd55dad4e7cdb74456f9f4b92d8b 100644
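--- a/src/sss_client/nss_mc_group.c
+++ b/src/sss_client/nss_mc_group.c
@@ -152,12 +152,10 @@ errno_t sss_nss_mc_getgrnam(const char *name, size_t name_len,
 /* Integrity check
 * - data->name cannot point outside strings
 * - all strings must be within copy of record
- * - record must not end outside data table
 * - rec_name is a zero-terminated string */
 if (data->name < strs_offset
 || data->name >= strs_offset + data->strs_len
- || data->strs_len > rec->len
- || (uint8_t *) rec + rec->len > gr_mc_ctx.data_table + data_size) {
+ || data->strs_len > rec->len) {
 ret = ENOENT;
 goto done;
 }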
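Review bot: With the data-table bound gone, the only size term left in this condition is `data->strs_len > rec->len`, which compares the string area against the whole record length and ignores where the strings start. The comment still promises "all strings must be within copy of record" and "rec_name is a zero-terminated string", and neither is enforced by the visible terms. Since this cache is parsed inside every NSS client process, I would tighten it to something like `|| strs_offset + data->strs_len > rec->len` (less the record header, if `rec->len` counts it), or trim the comment to what is actually checked. The same applies to the `data->data_len > rec->len` term in nss_mc_initgr.c and to the identical condition in nss_mc_passwd.c. The enclosing function starts and ends outside the hunk, so a later check may already cover this.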
diff --git a/src/sss_client/nss_mc_initgr.c b/src/sss_client/nss_mc_initgr.c
index 5a8c661c7e15a085e9662297f62a6a84e70b669e..331930cef357d17c74892f67d5743ebc6a818631 100644
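--- a/src/sss_client/nss_mc_initgr.c
+++ b/src/sss_client/nss_mc_initgr.c
@@ -133,15 +133,12 @@ errno_t sss_nss_mc_initgroups_dyn(const char *name, size_t name_len,
 /* Integrity check
 * - data->name cannot point outside all strings or data
 * - all data must be within copy of record
- * - size of record must be lower that data table size
 * - data->strs cannot point outside strings
 * - rec_name is a zero-terminated string */
 if (data->name < data_offset
 || data->name >= data_offset + data->data_len
 || data->strs_len > data->data_len
- || data->data_len > rec->len
- || (uint8_t *) rec + rec->len
- > initgr_mc_ctx.data_table + data_size) {
+ || data->data_len > rec->len) {
 ret = ENOENT;
 goto done;
 }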
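Review bot: The comment bullet `data->strs cannot point outside strings` has no matching term in the condition: the visible terms test `data->name`, `data->strs_len` and `data->data_len`, never `data->strs`. Either add the bound, presumably `|| data->strs < data_offset || data->strs >= data_offset + data->data_len` mirroring the `data->name` test, or drop the bullet so the comment lists only what is enforced. sss_nss_mc_initgroups_dyn continues outside the hunk, so the check may live further down.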
diff --git a/src/sss_client/nss_mc_passwd.c b/src/sss_client/nss_mc_passwd.c
index 3c62481778788173227f8a241953e421316e248d..ac44b711d8614ac0daa841a7a9dd5894f1a1eb08 100644
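--- a/src/sss_client/nss_mc_passwd.c
+++ b/src/sss_client/nss_mc_passwd.c
@@ -145,12 +145,10 @@ errno_t sss_nss_mc_getpwnam(const char *name, size_t name_len,
 /* Integrity check
 * - data->name cannot point outside strings
 * - all strings must be within copy of record
- * - record must not end outside data table
 * - rec_name is a zero-terminated string */
 if (data->name < strs_offset
 || data->name >= strs_offset + data->strs_len
- || data->strs_len > rec->len
- || (uint8_t *) rec + rec->len > pw_mc_ctx.data_table + data_size) {
+ || data->strs_len > rec->len) {
 ret = ENOENT;
 goto done;
 }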
--
2.14.4