[Bug libc/15385] New: Results from "getent group" may be truncated with nss_db

[Bug libc/15385] New: Results from "getent group" may be truncated with nss_db

[wjones at fluke dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=15385

             Bug #: 15385
           Summary: Results from "getent group" may be truncated with
                    nss_db
           Product: glibc
           Version: 2.15
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: unassigned@sourceware.org
        ReportedBy: wjones@fluke.com
                CC: drepper.fsp@gmail.com
    Classification: Unclassified


The results from "getent group" may be truncated when using nss_db.  This will
happen when getgrent() encounters a group entry long enough to overflow the
default 1024 byte buffer.  getgrent() sets errno to ERANGE and returns NULL,
but getent fails to check errno, and truncates the results at this point.

Two things make me suspect that this failure is avoidable:

  1. Requesting a specific long group entry will return it in full, e.g.:

         getent group myverylonggroup

  2. Our local configuration in /etc/nsswitch.conf looks like this:

         group:  files db

     Long entries in group.db will cause output from "getent group" to be
truncated as described, but if I add a long entry to /etc/group, it will be
output in full, along with all subsequent entries in group.db.  It appears that
that nss_files will grow the buffer as required, and then the expanded buffer
is used by nss_db.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/15385] Results from "getent group" may be truncated with nss_db

[wjones at fluke dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=15385

Warren Jones <wjones at fluke dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wjones at fluke dot com

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/15385] Results from "getent group" may be truncated with nss_db

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=15385

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security+

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
As groups can be used to deny privileges (see DenyGroups in OpenSSH), this is a
potential minor security issue.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/15385] Results from "getent group" may be truncated with nss_db

[kbonner at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=15385

kbonner at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kbonner at gmail dot com

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug nss/15385] Results from "getent group" may be truncated with nss_db

[jsm28 at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=15385

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|libc                        |nss

-- 
You are receiving this mail because:
You are on the CC list for the bug.