[glibc] nss_compat: Do not use mmap to read database files (bug 26258)

public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed

* [glibc] nss_compat: Do not use mmap to read database files (bug 26258)
@ 2020-07-21  6:26 Florian Weimer
  0 siblings, 0 replies; only message in thread
From: Florian Weimer @ 2020-07-21  6:26 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23ed36735af09c258e542266aaed92cdd8571c6c

commit 23ed36735af09c258e542266aaed92cdd8571c6c
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jul 16 16:21:28 2020 +0200

    nss_compat: Do not use mmap to read database files (bug 26258)
    
    This avoids crashes in case the files are truncated for some reason.
    For typically file sizes, it is also going to be slightly faster.
    Using __nss_files_fopen instead mirrors what nss_files does.
    
    Tested-by: Carlos O'Donell <carlos@redhat.com>
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

Diff:
---
 nss/nss_compat/compat-grp.c        | 6 ++----
 nss/nss_compat/compat-initgroups.c | 6 ++----
 nss/nss_compat/compat-pwd.c        | 6 ++----
 nss/nss_compat/compat-spwd.c       | 6 ++----
 4 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/nss/nss_compat/compat-grp.c b/nss/nss_compat/compat-grp.c
index d4f750b95c..510d49e8c7 100644
--- a/nss/nss_compat/compat-grp.c
+++ b/nss/nss_compat/compat-grp.c
@@ -26,6 +26,7 @@
 #include <string.h>
 #include <libc-lock.h>
 #include <kernel-features.h>
+#include <nss_files.h>
 
 NSS_DECLARE_MODULE_FUNCTIONS (compat)
 
@@ -108,13 +109,10 @@ internal_setgrent (ent_t *ent, int stayopen, int needent)
 
   if (ent->stream == NULL)
     {
-      ent->stream = fopen ("/etc/group", "rme");
+      ent->stream = __nss_files_fopen ("/etc/group");
 
       if (ent->stream == NULL)
 	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
-      else
-	/* We take care of locking ourself.  */
-	__fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
     }
   else
     rewind (ent->stream);
diff --git a/nss/nss_compat/compat-initgroups.c b/nss/nss_compat/compat-initgroups.c
index 3671bef48b..c0dcdf839d 100644
--- a/nss/nss_compat/compat-initgroups.c
+++ b/nss/nss_compat/compat-initgroups.c
@@ -29,6 +29,7 @@
 #include <libc-lock.h>
 #include <kernel-features.h>
 #include <scratch_buffer.h>
+#include <nss_files.h>
 
 NSS_DECLARE_MODULE_FUNCTIONS (compat)
 
@@ -122,13 +123,10 @@ internal_setgrent (ent_t *ent)
   else
     ent->blacklist.current = 0;
 
-  ent->stream = fopen ("/etc/group", "rme");
+  ent->stream = __nss_files_fopen ("/etc/group");
 
   if (ent->stream == NULL)
     status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
-  else
-    /* We take care of locking ourself.  */
-    __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
 
   return status;
 }
diff --git a/nss/nss_compat/compat-pwd.c b/nss/nss_compat/compat-pwd.c
index 394e39b811..3a212a0dab 100644
--- a/nss/nss_compat/compat-pwd.c
+++ b/nss/nss_compat/compat-pwd.c
@@ -27,6 +27,7 @@
 #include <string.h>
 #include <libc-lock.h>
 #include <kernel-features.h>
+#include <nss_files.h>
 
 #include "netgroup.h"
 #include "nisdomain.h"
@@ -223,13 +224,10 @@ internal_setpwent (ent_t *ent, int stayopen, int needent)
 
   if (ent->stream == NULL)
     {
-      ent->stream = fopen ("/etc/passwd", "rme");
+      ent->stream = __nss_files_fopen ("/etc/passwd");
 
       if (ent->stream == NULL)
 	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
-      else
-	/* We take care of locking ourself.  */
-	__fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
     }
   else
     rewind (ent->stream);
diff --git a/nss/nss_compat/compat-spwd.c b/nss/nss_compat/compat-spwd.c
index ec5bf283cd..d802ee0302 100644
--- a/nss/nss_compat/compat-spwd.c
+++ b/nss/nss_compat/compat-spwd.c
@@ -27,6 +27,7 @@
 #include <string.h>
 #include <libc-lock.h>
 #include <kernel-features.h>
+#include <nss_files.h>
 
 #include "netgroup.h"
 #include "nisdomain.h"
@@ -179,13 +180,10 @@ internal_setspent (ent_t *ent, int stayopen, int needent)
 
   if (ent->stream == NULL)
     {
-      ent->stream = fopen ("/etc/shadow", "rme");
+      ent->stream = __nss_files_fopen ("/etc/shadow");
 
       if (ent->stream == NULL)
 	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
-      else
-	/* We take care of locking ourself.  */
-	__fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
     }
   else
     rewind (ent->stream);


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2020-07-21  6:26 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-21  6:26 [glibc] nss_compat: Do not use mmap to read database files (bug 26258) Florian Weimer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).