BZ#14498: fix infinite loop in nss_db

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

* BZ#14498: fix infinite loop in nss_db_getservbyname
@ 2014-11-13 21:52 Alexandre Oliva
  2014-11-19 10:06 ` Siddhesh Poyarekar
  0 siblings, 1 reply; 2+ messages in thread
From: Alexandre Oliva @ 2014-11-13 21:52 UTC (permalink / raw)
  To: libc-alpha

nss_db uses nss_files code for services, but a continue on protocol
mismatch that doesn't affect nss_files skipped the code that advanced
to the next db entry.  Any one of these changes would suffice to fix
it, but fixing both makes them both safer to reuse elsewhere.

Regression tested on x86_64-linux-gnu.  Ok to install?


for  ChangeLog

	[BZ #14498]
	* NEWS: Fixed.
	* nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx
	after parsing line but before break_if_match.
	* nss/nss_files/files-service (DB_LOOKUP): Don't "continue;"
	if there is a protocol mismatch.
---
 NEWS                          |    8 ++++----
 nss/nss_db/db-XXX.c           |    9 ++++++---
 nss/nss_files/files-service.c |    7 +++++--
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 918b4a1..9ed697c 100644
--- a/NEWS
+++ b/NEWS
@@ -9,10 +9,10 @@ Version 2.21
 
 * The following bugs are resolved with this release:
 
-  6652, 12926, 14132, 14138, 14171, 15215, 15884, 17266, 17344, 17363,
-  17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522,
-  17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585,
-  17589.
+  6652, 12926, 14132, 14138, 14171, 14498, 15215, 15884, 17266, 17344,
+  17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508,
+  17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584,
+  17585, 17589.
 
 * New locales: tu_IN, bh_IN.
 \f
diff --git a/nss/nss_db/db-XXX.c b/nss/nss_db/db-XXX.c
index 89b1a12..e950887 100644
--- a/nss/nss_db/db-XXX.c
+++ b/nss/nss_db/db-XXX.c
@@ -191,6 +191,12 @@ enum nss_status								      \
       char *p = memcpy (buffer, valstr, len);				      \
 									      \
       int err = parse_line (p, result, data, buflen, errnop EXTRA_ARGS);      \
+									      \
+      /* Advance before break_if_match, lest it uses continue to skip
+	 to the next entry.  */						      \
+      if ((hidx += hval2) >= header->dbs[i].hashsize)			      \
+	hidx -= header->dbs[i].hashsize;				      \
+									      \
       if (err > 0)							      \
 	{								      \
 	  status = NSS_STATUS_SUCCESS;					      \
@@ -203,9 +209,6 @@ enum nss_status								      \
 	  status = NSS_STATUS_TRYAGAIN;					      \
 	  break;							      \
 	}								      \
-									      \
-      if ((hidx += hval2) >= header->dbs[i].hashsize)			      \
-	hidx -= header->dbs[i].hashsize;				      \
     }									      \
 									      \
   if (status == NSS_STATUS_NOTFOUND)					      \
diff --git a/nss/nss_files/files-service.c b/nss/nss_files/files-service.c
index 2401cb0..c28c62f 100644
--- a/nss/nss_files/files-service.c
+++ b/nss/nss_files/files-service.c
@@ -44,8 +44,11 @@ DB_LOOKUP (servbyname, ':',
 	   {
 	     /* Must match both protocol (if specified) and name.  */
 	     if (proto != NULL && strcmp (result->s_proto, proto))
-	       continue;
-	     LOOKUP_NAME (s_name, s_aliases)
+	       /* A continue statement here breaks nss_db, because it
+		bypasses advancing to the next db entry, and it
+		doesn't make nss_files any more efficient.  */;
+	     else
+	       LOOKUP_NAME (s_name, s_aliases)
 	   },
 	   const char *name, const char *proto)
 


-- 
Alexandre Oliva, freedom fighter    http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/   FSF Latin America board member
Free Software Evangelist|Red Hat Brasil GNU Toolchain Engineer

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: BZ#14498: fix infinite loop in nss_db_getservbyname
  2014-11-13 21:52 BZ#14498: fix infinite loop in nss_db_getservbyname Alexandre Oliva
@ 2014-11-19 10:06 ` Siddhesh Poyarekar
  0 siblings, 0 replies; 2+ messages in thread
From: Siddhesh Poyarekar @ 2014-11-19 10:06 UTC (permalink / raw)
  To: Alexandre Oliva; +Cc: libc-alpha

[-- Attachment #1: Type: text/plain, Size: 731 bytes --]

On Thu, Nov 13, 2014 at 07:52:29PM -0200, Alexandre Oliva wrote:
> nss_db uses nss_files code for services, but a continue on protocol
> mismatch that doesn't affect nss_files skipped the code that advanced
> to the next db entry.  Any one of these changes would suffice to fix
> it, but fixing both makes them both safer to reuse elsewhere.
> 
> Regression tested on x86_64-linux-gnu.  Ok to install?
> 
> 
> for  ChangeLog
> 
> 	[BZ #14498]
> 	* NEWS: Fixed.
> 	* nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx
> 	after parsing line but before break_if_match.
> 	* nss/nss_files/files-service (DB_LOOKUP): Don't "continue;"
> 	if there is a protocol mismatch.

Looks good to me.

Thanks,
Siddhesh

[-- Attachment #2: Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2014-11-19 10:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-11-13 21:52 BZ#14498: fix infinite loop in nss_db_getservbyname Alexandre Oliva
2014-11-19 10:06 ` Siddhesh Poyarekar

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).