Tree - rpms/glibc - CentOS Git server

olga / rpms / glibc

Forked from rpms/glibc 5 years ago

Source
Stats

Files

Blob Blame History Raw

 commit 03d2730b44cc2236318fd978afa2651753666c55
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 29 14:41:25 2015 +0200
 
    CVE-2014-8121: Do not close NSS files database during iteration [BZ #18007]
 
diff -up glibc-2.17-c758a686/nss/Makefile.rh1165192 glibc-2.17-c758a686/nss/Makefile
--- glibc-2.17-c758a686/nss/Makefile.rh1165192	2015-01-14 21:22:57.558006945 +0100
+++ glibc-2.17-c758a686/nss/Makefile	2015-01-14 21:44:59.657777124 +0100
@@ -38,7 +38,7 @@ install-bin             := getent makedb
 makedb-modules = xmalloc hash-string
 extra-objs		+= $(makedb-modules:=.o)
 
-tests			= test-netdb tst-nss-test1 bug17079
+tests			= test-netdb tst-nss-test1 bug17079 tst-nss-getpwent
 xtests			= bug-erange
 
 include ../Makeconfig
diff -up glibc-2.17-c758a686/nss/nss_files/files-XXX.c.rh1165192 glibc-2.17-c758a686/nss/nss_files/files-XXX.c
--- glibc-2.17-c758a686/nss/nss_files/files-XXX.c.rh1165192	2015-01-14 21:22:14.630721754 +0100
+++ glibc-2.17-c758a686/nss/nss_files/files-XXX.c	2015-01-14 21:22:15.072725814 +0100
@@ -135,7 +135,7 @@ CONCAT(_nss_files_set,ENTNAME) (int stay
 
   __libc_lock_lock (lock);
 
-  status = internal_setent (stayopen);
+  status = internal_setent (1);
 
   if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0)
     {
diff -up glibc-2.17-c758a686/nss/tst-nss-getpwent.c.rh1165192 glibc-2.17-c758a686/nss/tst-nss-getpwent.c
--- glibc-2.17-c758a686/nss/tst-nss-getpwent.c.rh1165192	2015-01-14 21:23:50.003236107 +0100
+++ glibc-2.17-c758a686/nss/tst-nss-getpwent.c	2015-01-14 21:46:39.912194368 +0100
@@ -0,0 +1,116 @@
+/* Copyright (C) 2015 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <pwd.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int
+do_test (void)
+{
+  /* Count the number of entries in the password database, and fetch
+     data from the first and last entries.  */
+  size_t count = 0;
+  struct passwd * pw;
+  char *first_name = NULL;
+  uid_t first_uid = 0;
+  char *last_name = NULL;
+  uid_t last_uid = 0;
+  setpwent ();
+  while ((pw  = getpwent ()) != NULL)
+    {
+      if (first_name == NULL)
+	{
+	  first_name = strdup (pw->pw_name);
+	  if (first_name == NULL)
+	    {
+	      printf ("strdup: %m\n");
+	      return 1;
+	    }
+	  first_uid = pw->pw_uid;
+	}
+      
+      free (last_name);
+      last_name = strdup (pw->pw_name);
+      if (last_name == NULL)
+	{
+	  printf ("strdup: %m\n");
+	  return 1;
+	}
+      last_uid = pw->pw_uid;
+      ++count;
+    }
+  endpwent ();
+
+  if (count == 0)
+    {
+      printf ("No entries in the password database.\n");
+      return 0;
+    }
+
+  /* Try again, this time interleaving with name-based and UID-based
+     lookup operations.  The counts do not match if the interleaved
+     lookups affected the enumeration.  */
+  size_t new_count = 0;
+  setpwent ();
+  while ((pw  = getpwent ()) != NULL)
+    {
+      if (new_count == count)
+	{
+	  printf ("Additional entry in the password database.\n");
+	  return 1;
+	}
+      ++new_count;
+      struct passwd *pw2 = getpwnam (first_name);
+      if (pw2 == NULL)
+	{
+	  printf ("getpwnam (%s) failed: %m\n", first_name);
+	  return 1;
+	}
+      pw2 = getpwnam (last_name);
+      if (pw2 == NULL)
+	{
+	  printf ("getpwnam (%s) failed: %m\n", last_name);
+	  return 1;
+	}
+      pw2 = getpwuid (first_uid);
+      if (pw2 == NULL)
+	{
+	  printf ("getpwuid (%llu) failed: %m\n", (unsigned long long) first_uid);
+	  return 1;
+	}
+      pw2 = getpwuid (last_uid);
+      if (pw2 == NULL)
+	{
+	  printf ("getpwuid (%llu) failed: %m\n", (unsigned long long) last_uid);
+	  return 1;
+	}
+    }
+  endpwent ();
+  if (new_count < count)
+    {
+      printf ("Missing entry in the password database.\n");
+      return 1;
+    }
+  
+  return 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"

	commit 03d2730b44cc2236318fd978afa2651753666c55
	Author: Florian Weimer <fweimer@redhat.com>
	Date: Wed Apr 29 14:41:25 2015 +0200

	CVE-2014-8121: Do not close NSS files database during iteration [BZ #18007]

	diff -up glibc-2.17-c758a686/nss/Makefile.rh1165192 glibc-2.17-c758a686/nss/Makefile
	--- glibc-2.17-c758a686/nss/Makefile.rh1165192 2015-01-14 21:22:57.558006945 +0100
	+++ glibc-2.17-c758a686/nss/Makefile 2015-01-14 21:44:59.657777124 +0100
	@@ -38,7 +38,7 @@ install-bin := getent makedb
	makedb-modules = xmalloc hash-string
	extra-objs += $(makedb-modules:=.o)

	-tests = test-netdb tst-nss-test1 bug17079
	+tests = test-netdb tst-nss-test1 bug17079 tst-nss-getpwent
	xtests = bug-erange

	include ../Makeconfig
	diff -up glibc-2.17-c758a686/nss/nss_files/files-XXX.c.rh1165192 glibc-2.17-c758a686/nss/nss_files/files-XXX.c
	--- glibc-2.17-c758a686/nss/nss_files/files-XXX.c.rh1165192 2015-01-14 21:22:14.630721754 +0100
	+++ glibc-2.17-c758a686/nss/nss_files/files-XXX.c 2015-01-14 21:22:15.072725814 +0100
	@@ -135,7 +135,7 @@ CONCAT(_nss_files_set,ENTNAME) (int stay

	__libc_lock_lock (lock);

	- status = internal_setent (stayopen);
	+ status = internal_setent (1);

	if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0)
	{
	diff -up glibc-2.17-c758a686/nss/tst-nss-getpwent.c.rh1165192 glibc-2.17-c758a686/nss/tst-nss-getpwent.c
	--- glibc-2.17-c758a686/nss/tst-nss-getpwent.c.rh1165192 2015-01-14 21:23:50.003236107 +0100
	+++ glibc-2.17-c758a686/nss/tst-nss-getpwent.c 2015-01-14 21:46:39.912194368 +0100
	@@ -0,0 +1,116 @@
	+/* Copyright (C) 2015 Free Software Foundation, Inc.
	+ This file is part of the GNU C Library.
	+
	+ The GNU C Library is free software; you can redistribute it and/or
	+ modify it under the terms of the GNU Lesser General Public
	+ License as published by the Free Software Foundation; either
	+ version 2.1 of the License, or (at your option) any later version.
	+
	+ The GNU C Library is distributed in the hope that it will be useful,
	+ but WITHOUT ANY WARRANTY; without even the implied warranty of
	+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ Lesser General Public License for more details.
	+
	+ You should have received a copy of the GNU Lesser General Public
	+ License along with the GNU C Library; if not, see
	+ <http://www.gnu.org/licenses/>. */
	+
	+#include <pwd.h>
	+#include <stdbool.h>
	+#include <stdio.h>
	+#include <stdlib.h>
	+#include <string.h>
	+
	+int
	+do_test (void)
	+{
	+ /* Count the number of entries in the password database, and fetch
	+ data from the first and last entries. */
	+ size_t count = 0;
	+ struct passwd * pw;
	+ char *first_name = NULL;
	+ uid_t first_uid = 0;
	+ char *last_name = NULL;
	+ uid_t last_uid = 0;
	+ setpwent ();
	+ while ((pw = getpwent ()) != NULL)
	+ {
	+ if (first_name == NULL)
	+ {
	+ first_name = strdup (pw->pw_name);
	+ if (first_name == NULL)
	+ {
	+ printf ("strdup: %m\n");
	+ return 1;
	+ }
	+ first_uid = pw->pw_uid;
	+ }
	+
	+ free (last_name);
	+ last_name = strdup (pw->pw_name);
	+ if (last_name == NULL)
	+ {
	+ printf ("strdup: %m\n");
	+ return 1;
	+ }
	+ last_uid = pw->pw_uid;
	+ ++count;
	+ }
	+ endpwent ();
	+
	+ if (count == 0)
	+ {
	+ printf ("No entries in the password database.\n");
	+ return 0;
	+ }
	+
	+ /* Try again, this time interleaving with name-based and UID-based
	+ lookup operations. The counts do not match if the interleaved
	+ lookups affected the enumeration. */
	+ size_t new_count = 0;
	+ setpwent ();
	+ while ((pw = getpwent ()) != NULL)
	+ {
	+ if (new_count == count)
	+ {
	+ printf ("Additional entry in the password database.\n");
	+ return 1;
	+ }
	+ ++new_count;
	+ struct passwd *pw2 = getpwnam (first_name);
	+ if (pw2 == NULL)
	+ {
	+ printf ("getpwnam (%s) failed: %m\n", first_name);
	+ return 1;
	+ }
	+ pw2 = getpwnam (last_name);
	+ if (pw2 == NULL)
	+ {
	+ printf ("getpwnam (%s) failed: %m\n", last_name);
	+ return 1;
	+ }
	+ pw2 = getpwuid (first_uid);
	+ if (pw2 == NULL)
	+ {
	+ printf ("getpwuid (%llu) failed: %m\n", (unsigned long long) first_uid);
	+ return 1;
	+ }
	+ pw2 = getpwuid (last_uid);
	+ if (pw2 == NULL)
	+ {
	+ printf ("getpwuid (%llu) failed: %m\n", (unsigned long long) last_uid);
	+ return 1;
	+ }
	+ }
	+ endpwent ();
	+ if (new_count < count)
	+ {
	+ printf ("Missing entry in the password database.\n");
	+ return 1;
	+ }
	+
	+ return 0;
	+}
	+
	+#define TEST_FUNCTION do_test ()
	+#include "../test-skeleton.c"

olga / rpms / glibc

Source Code

Files