| From 23ed36735af09c258e542266aaed92cdd8571c6c Mon Sep 17 00:00:00 2001 |
| From: Florian Weimer <fweimer@redhat.com> |
| Date: Thu, 16 Jul 2020 16:21:28 +0200 |
| Subject: [PATCH 02/11] nss_compat: Do not use mmap to read database files (bug |
| 26258) |
| |
| This avoids crashes in case the files are truncated for some reason. |
| For typically file sizes, it is also going to be slightly faster. |
| Using __nss_files_fopen instead mirrors what nss_files does. |
| |
| Tested-by: Carlos O'Donell <carlos@redhat.com> |
| Reviewed-by: Carlos O'Donell <carlos@redhat.com> |
| |
| nss/nss_compat/compat-grp.c | 6 ++---- |
| nss/nss_compat/compat-initgroups.c | 6 ++---- |
| nss/nss_compat/compat-pwd.c | 6 ++---- |
| nss/nss_compat/compat-spwd.c | 6 ++---- |
| 4 files changed, 8 insertions(+), 16 deletions(-) |
| |
| diff -rup a/nss/nss_compat/compat-grp.c b/nss/nss_compat/compat-grp.c |
| |
| |
| @@ -26,6 +26,7 @@ |
| #include <string.h> |
| #include <libc-lock.h> |
| #include <kernel-features.h> |
| +#include <nss_files.h> |
| |
| static service_user *ni; |
| static enum nss_status (*nss_setgrent) (int stayopen); |
| @@ -106,13 +107,10 @@ internal_setgrent (ent_t *ent, int stayo |
| |
| if (ent->stream == NULL) |
| { |
| - ent->stream = fopen ("/etc/group", "rme"); |
| + ent->stream = __nss_files_fopen ("/etc/group"); |
| |
| if (ent->stream == NULL) |
| status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; |
| - else |
| - /* We take care of locking ourself. */ |
| - __fsetlocking (ent->stream, FSETLOCKING_BYCALLER); |
| } |
| else |
| rewind (ent->stream); |
| diff -rup a/nss/nss_compat/compat-initgroups.c b/nss/nss_compat/compat-initgroups.c |
| |
| |
| @@ -29,6 +29,7 @@ |
| #include <libc-lock.h> |
| #include <kernel-features.h> |
| #include <scratch_buffer.h> |
| +#include <nss_files.h> |
| |
| static service_user *ni; |
| /* Type of the lookup function. */ |
| @@ -121,13 +122,10 @@ internal_setgrent (ent_t *ent) |
| else |
| ent->blacklist.current = 0; |
| |
| - ent->stream = fopen ("/etc/group", "rme"); |
| + ent->stream = __nss_files_fopen ("/etc/group"); |
| |
| if (ent->stream == NULL) |
| status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; |
| - else |
| - /* We take care of locking ourself. */ |
| - __fsetlocking (ent->stream, FSETLOCKING_BYCALLER); |
| |
| return status; |
| } |
| diff -rup a/nss/nss_compat/compat-pwd.c b/nss/nss_compat/compat-pwd.c |
| |
| |
| @@ -27,6 +27,7 @@ |
| #include <string.h> |
| #include <libc-lock.h> |
| #include <kernel-features.h> |
| +#include <nss_files.h> |
| |
| #include "netgroup.h" |
| #include "nisdomain.h" |
| @@ -221,13 +222,10 @@ internal_setpwent (ent_t *ent, int stayo |
| |
| if (ent->stream == NULL) |
| { |
| - ent->stream = fopen ("/etc/passwd", "rme"); |
| + ent->stream = __nss_files_fopen ("/etc/passwd"); |
| |
| if (ent->stream == NULL) |
| status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; |
| - else |
| - /* We take care of locking ourself. */ |
| - __fsetlocking (ent->stream, FSETLOCKING_BYCALLER); |
| } |
| else |
| rewind (ent->stream); |
| diff -rup a/nss/nss_compat/compat-spwd.c b/nss/nss_compat/compat-spwd.c |
| |
| |
| @@ -27,6 +27,7 @@ |
| #include <string.h> |
| #include <libc-lock.h> |
| #include <kernel-features.h> |
| +#include <nss_files.h> |
| |
| #include "netgroup.h" |
| #include "nisdomain.h" |
| @@ -177,13 +178,10 @@ internal_setspent (ent_t *ent, int stayo |
| |
| if (ent->stream == NULL) |
| { |
| - ent->stream = fopen ("/etc/shadow", "rme"); |
| + ent->stream = __nss_files_fopen ("/etc/shadow"); |
| |
| if (ent->stream == NULL) |
| status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; |
| - else |
| - /* We take care of locking ourself. */ |
| - __fsetlocking (ent->stream, FSETLOCKING_BYCALLER); |
| } |
| else |
| rewind (ent->stream); |