From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 15317 invoked from network); 1 Sep 2021 18:28:09 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 1 Sep 2021 18:28:09 -0000 Received: (qmail 29802 invoked by uid 550); 1 Sep 2021 18:28:04 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 29772 invoked from network); 1 Sep 2021 18:28:03 -0000 X-Virus-Scanned: Debian amavisd-new at disroot.org From: =?UTF-8?q?=C3=89rico=20Nogueira?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1630520864; bh=GOfIN2fncUXCLCd7i9IynM1EKcaQIE5tgG+cktEC/7E=; h=From:To:Cc:Subject:Date; b=GyKtE7bs+dArdAgY0+q8dZQDsOXTVg9ajkFxLLeXZG8Hl72p6QbbAgfdXfH82l3vS klXhzO0Qbrsj+mE/sOXAkUIyA6VXf9xPGux2wn9D1p1TZAZfAz0NKATil5CI2XxH6V 5qrmPuZRxoteVY+wsKZZdBWoVjDPY+Szo57NwipvYzWBcTa2IWEL283rKkGXS1rjPJ 7owOJdLuxL1K7KPbp3t9tQRglJbTlWSiSkN8nNlioIPdbctuJeNq69ARufLXf1TvE/ WWAYqLIqg5NCEEGsUPcV5h8yjrQCNb4udmJEAgWRT6tiJKc6Hj0qmEWYD1FEgmrRcD U11jpnk/Tc9MQ== To: musl@lists.openwall.com Cc: =?UTF-8?q?=C3=89rico=20Nogueira?= Date: Wed, 1 Sep 2021 15:27:27 -0300 Message-Id: <20210901182727.10090-1-ericonr@disroot.org> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [musl] [PATCH v2] fix nscd querying when the daemon is disabled for some query types for example, glibc's nscd, configured with `enable-cache passwd no`, will still answer passwd queries, but with a message that simply indicates it's disabled passwd querying. this is done by setting the passwdbuf[PWFOUND] field to -1, which we used to evaluate as "true" for the entry having been found, and then errored out when the rest of the query response had the length fields set to 0 instead of 1 (which is what we expect from empty fields, since they should contain an empty string). this is the case for group and initgroups queries as well. from our point of view, buf[xxFOUND] being -1 can be treated the same as if it was 0: a -1 response is equivalent to no nscd daemon running at all, and we treat daemon unavailability the same as the daemon not knowing about our query. to simplify the code, we discard any answers with negative buf[xxFOUND]. --- src/passwd/getgr_a.c | 2 +- src/passwd/getgrouplist.c | 2 +- src/passwd/getpw_a.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/passwd/getgr_a.c b/src/passwd/getgr_a.c index afeb1ece..dbb9a4a1 100644 --- a/src/passwd/getgr_a.c +++ b/src/passwd/getgr_a.c @@ -64,7 +64,7 @@ int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t f = __nscd_query(req, key, groupbuf, sizeof groupbuf, &swap); if (!f) { rv = errno; goto done; } - if (!groupbuf[GRFOUND]) { rv = 0; goto cleanup_f; } + if (groupbuf[GRFOUND] <= 0) { rv = 0; goto cleanup_f; } if (!groupbuf[GRNAMELEN] || !groupbuf[GRPASSWDLEN]) { rv = EIO; diff --git a/src/passwd/getgrouplist.c b/src/passwd/getgrouplist.c index 301824ce..91e29612 100644 --- a/src/passwd/getgrouplist.c +++ b/src/passwd/getgrouplist.c @@ -28,7 +28,7 @@ int getgrouplist(const char *user, gid_t gid, gid_t *groups, int *ngroups) f = __nscd_query(GETINITGR, user, resp, sizeof resp, &swap); if (!f) goto cleanup; - if (resp[INITGRFOUND]) { + if (resp[INITGRFOUND] > 0) { nscdbuf = calloc(resp[INITGRNGRPS], sizeof(uint32_t)); if (!nscdbuf) goto cleanup; size_t nbytes = sizeof(*nscdbuf)*resp[INITGRNGRPS]; diff --git a/src/passwd/getpw_a.c b/src/passwd/getpw_a.c index 15a70c03..2479f7d2 100644 --- a/src/passwd/getpw_a.c +++ b/src/passwd/getpw_a.c @@ -65,7 +65,7 @@ int __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf, size_t f = __nscd_query(req, key, passwdbuf, sizeof passwdbuf, (int[]){0}); if (!f) { rv = errno; goto done; } - if(!passwdbuf[PWFOUND]) { rv = 0; goto cleanup_f; } + if(passwdbuf[PWFOUND] <= 0) { rv = 0; goto cleanup_f; } /* A zero length response from nscd is invalid. We ignore * invalid responses and just report an error, rather than -- 2.33.0