From 64085ac9dbc95bc7b227f24a9a8ec78952c68227 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 11 Jul 2018 22:18:41 +0200
Subject: [PATCH] MC: Remove check if record is in the mapped address space
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There is a check in the memory cache code that verifies that a record pointer
points into the mmapped region. But for some time now we have returned not
a pointer into the mmapped region itself, but a copy, to avoid issues with
invalidating an entry while the same entry is being returned.

In most cases, the check is correct, simply because of how memory is laid
out on Linux, but in some cases the check was failing and causing a high
load of SSSD.

Signed-off-by: Jakub Hrozek <jhrozek@redhat.com>

Resolves:
https://pagure.io/SSSD/sssd/issue/3776

Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit f1c2d4139b6107ee3e9bec0cbe5bf8c2ea8428b2)

DOWNSTREAM:
Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped
---
 src/sss_client/nss_mc_group.c  | 4 +---
 src/sss_client/nss_mc_initgr.c | 5 +----
 src/sss_client/nss_mc_passwd.c | 4 +---
 3 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/src/sss_client/nss_mc_group.c b/src/sss_client/nss_mc_group.c
index 6a2336b6116f198adea94f9eda9d9632f9fc8268..3371e0ffc274cd55dad4e7cdb74456f9f4b92d8b 100644
--- a/src/sss_client/nss_mc_group.c
+++ b/src/sss_client/nss_mc_group.c
@@ -152,12 +152,10 @@ errno_t sss_nss_mc_getgrnam(const char *name, size_t name_len,
         /* Integrity check
          * - data->name cannot point outside strings
          * - all strings must be within copy of record
-         * - record must not end outside data table
          * - rec_name is a zero-terminated string */
         if (data->name < strs_offset
             || data->name >= strs_offset + data->strs_len
-            || data->strs_len > rec->len
-            || (uint8_t *) rec + rec->len > gr_mc_ctx.data_table + data_size) {
+            || data->strs_len > rec->len) {
             ret = ENOENT;
             goto done;
         }
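Review bot: With the data-table bound gone, nothing in this function bounds `rec->len` any more, so the surviving test `data->strs_len > rec->len` only guards against a corrupted record if the helper that produced the copy of `rec` already validated `rec->len` against the mapped table before copying; that helper is outside this hunk, so please confirm it does and record the assumption in the comment block, e.g. `* - rec->len was validated against the data table when the record was copied`. The same applies to the initgr and passwd hunks below. If `data_size` was only read in the removed comparison, it is now an unused local in all three functions and will warn under -Wunused-variable; the diffstat shows no declaration being removed. sss_nss_mc_getgrnam starts and continues outside the hunk.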
diff --git a/src/sss_client/nss_mc_initgr.c b/src/sss_client/nss_mc_initgr.c
index 5a8c661c7e15a085e9662297f62a6a84e70b669e..331930cef357d17c74892f67d5743ebc6a818631 100644
--- a/src/sss_client/nss_mc_initgr.c
+++ b/src/sss_client/nss_mc_initgr.c
@@ -133,15 +133,12 @@ errno_t sss_nss_mc_initgroups_dyn(const char *name, size_t name_len,
         /* Integrity check
          * - data->name cannot point outside all strings or data
          * - all data must be within copy of record
-         * - size of record must be lower that data table size
          * - data->strs cannot point outside strings
          * - rec_name is a zero-terminated string */
         if (data->name < data_offset
             || data->name >= data_offset + data->data_len
             || data->strs_len > data->data_len
-            || data->data_len > rec->len
-            || (uint8_t *) rec + rec->len
-                                      > initgr_mc_ctx.data_table + data_size) {
+            || data->data_len > rec->len) {
             ret = ENOENT;
             goto done;
         }
diff --git a/src/sss_client/nss_mc_passwd.c b/src/sss_client/nss_mc_passwd.c
index 3c62481778788173227f8a241953e421316e248d..ac44b711d8614ac0daa841a7a9dd5894f1a1eb08 100644
--- a/src/sss_client/nss_mc_passwd.c
+++ b/src/sss_client/nss_mc_passwd.c
@@ -145,12 +145,10 @@ errno_t sss_nss_mc_getpwnam(const char *name, size_t name_len,
         /* Integrity check
          * - data->name cannot point outside strings
          * - all strings must be within copy of record
-         * - record must not end outside data table
          * - rec_name is a zero-terminated string */
         if (data->name < strs_offset
             || data->name >= strs_offset + data->strs_len
-            || data->strs_len > rec->len
-            || (uint8_t *) rec + rec->len > pw_mc_ctx.data_table + data_size) {
+            || data->strs_len > rec->len) {
             ret = ENOENT;
             goto done;
         }
-- 
2.14.4