From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 13146 invoked from network); 1 Sep 2021 18:10:05 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 1 Sep 2021 18:10:05 -0000 Received: (qmail 18431 invoked by uid 550); 1 Sep 2021 18:10:02 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 18401 invoked from network); 1 Sep 2021 18:10:01 -0000 X-Virus-Scanned: Debian amavisd-new at disroot.org From: =?UTF-8?q?=C3=89rico=20Nogueira?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1630519789; bh=edqJ3MiY3gzX9KEsivRklvA/uknEoFSudMwBzuNkfEM=; h=From:To:Cc:Subject:Date; b=glgg7FEpSLropbuSIO3JmlNXJV3LHMku67csqOOpZ59D9L2FDFMXLYmunG/x44AQc 7LETfPuBefxst1v+0hNgWAQQ+zdNMydg13ciAsdP+23RT5338lVRFQBSFIKOeaR2kh UXXPNsKgUBGys3+GlRK336LKyqqz7+MoXpXZcxN8l64VvBHI9ZwSAE6ki2bkPmQOGF aDSxjH64C7bK/GzuQ/9sUErY2tOHX5ibZM7uPVM65w0IIXey0ynMfSn9yAdhcydVpx 2S7N0ibyz8qzXHPHAgIuDKzmbxDycBZ9oTWYlIvXwwRaEN2DDv+FFlxKMe8PsgbaDI kGX/7m4R+NeVg== To: musl@lists.openwall.com Cc: =?UTF-8?q?=C3=89rico=20Nogueira?= Date: Wed, 1 Sep 2021 15:09:31 -0300 Message-Id: <20210901180931.31875-1-ericonr@disroot.org> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [musl] [PATCH] fix nscd querying when the daemon is disabled for some query types for example, glibc's nscd, configured with `enable-cache passwd no`, will still answer passwd queries, but with a message that simply indicates it's disabled passwd querying. this is done by setting the passwdbuf[PWFOUND] field to -1, which we used to evaluate as "true" for the entry having been found, and then errored out when the rest of the query response had the length fields set to 0 instead of 1 (which is what we expect from empty fields, since they should contain an empty string). this is the case for group and initgroups queries as well. from our point of view, buf[xxFOUND] being -1 can be treated the same as if it was 0: a -1 response is equivalent to no nscd daemon running at all, and we treat daemon unavailability the same as the daemon not knowing about our query. --- src/passwd/getgr_a.c | 2 +- src/passwd/getgrouplist.c | 2 +- src/passwd/getpw_a.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/passwd/getgr_a.c b/src/passwd/getgr_a.c index afeb1ece..3408686c 100644 --- a/src/passwd/getgr_a.c +++ b/src/passwd/getgr_a.c @@ -64,7 +64,7 @@ int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t f = __nscd_query(req, key, groupbuf, sizeof groupbuf, &swap); if (!f) { rv = errno; goto done; } - if (!groupbuf[GRFOUND]) { rv = 0; goto cleanup_f; } + if (!groupbuf[GRFOUND] || groupbuf[GRFOUND] == -1) { rv = 0; goto cleanup_f; } if (!groupbuf[GRNAMELEN] || !groupbuf[GRPASSWDLEN]) { rv = EIO; diff --git a/src/passwd/getgrouplist.c b/src/passwd/getgrouplist.c index 301824ce..b5d85eec 100644 --- a/src/passwd/getgrouplist.c +++ b/src/passwd/getgrouplist.c @@ -28,7 +28,7 @@ int getgrouplist(const char *user, gid_t gid, gid_t *groups, int *ngroups) f = __nscd_query(GETINITGR, user, resp, sizeof resp, &swap); if (!f) goto cleanup; - if (resp[INITGRFOUND]) { + if (resp[INITGRFOUND] && resp[INITGRFOUND] != -1) { nscdbuf = calloc(resp[INITGRNGRPS], sizeof(uint32_t)); if (!nscdbuf) goto cleanup; size_t nbytes = sizeof(*nscdbuf)*resp[INITGRNGRPS]; diff --git a/src/passwd/getpw_a.c b/src/passwd/getpw_a.c index 15a70c03..8d555822 100644 --- a/src/passwd/getpw_a.c +++ b/src/passwd/getpw_a.c @@ -65,7 +65,7 @@ int __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf, size_t f = __nscd_query(req, key, passwdbuf, sizeof passwdbuf, (int[]){0}); if (!f) { rv = errno; goto done; } - if(!passwdbuf[PWFOUND]) { rv = 0; goto cleanup_f; } + if(!passwdbuf[PWFOUND] || passwdbuf[PWFOUND] == -1) { rv = 0; goto cleanup_f; } /* A zero length response from nscd is invalid. We ignore * invalid responses and just report an error, rather than -- 2.33.0