From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ua1-x929.google.com (mail-ua1-x929.google.com [IPv6:2607:f8b0:4864:20::929]) by sourceware.org (Postfix) with ESMTPS id ED1F43858C27 for ; Fri, 10 Dec 2021 11:07:37 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org ED1F43858C27 Received: by mail-ua1-x929.google.com with SMTP id ay21so16029265uab.12 for ; Fri, 10 Dec 2021 03:07:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Lz3QbDTDHHGeG4Pb5D+gU9VZBhkDT0aIO+TB70kRLlQ=; b=gwEq0PlY06FWV72MkRWjYy0jgR3gZcOGo0nfbP1GaVWZQ5azHh2+OAmvjFG9OWujsj TRPUxuHFYAp8q5eMQBDvEd0QWu8I6KKiedYr/bwR+roX2DwG9AbXWYU4tfLHsrmjxnpH dqdtEduf5mtD0BzoF5sWuRJAtI4jDGUoPLHWqYJ1NS+YlrsPNHdc91MevzMvHSCrCk79 Q6knBK6Fz7sMW7CbZ7nmlhs45DAkB4YXtwQiY7V45rkVA5tWatOcfbql3BJDjyZhUeCW RGmYk4zedoxGWm3jYoV9OxUh4my4pz1bZwCAia3o/5vsqAd60EbIxO5lRGIBJkLfAxKd 4yGg== X-Gm-Message-State: AOAM530R30FqYeigtcXjeB8A4E8iJnZA/z470uVH+oOT5pQwpCVTO8PR NHkFs9zsyK4o5MT1aE09Mz55mu/EkcosGg== X-Google-Smtp-Source: ABdhPJwwSUHaWdI+5Noe1Vz6laNVDrX2jleT2+5CSH3G8wyYlij9/20CU8G1nxihm4e4vODHdMlr5Q== X-Received: by 2002:a67:e910:: with SMTP id c16mr14952988vso.13.1639134457312; Fri, 10 Dec 2021 03:07:37 -0800 (PST) Received: from birita.. ([2804:431:c7ca:a776:ce11:d591:8bd5:613f]) by smtp.gmail.com with ESMTPSA id w11sm1704758vkm.14.2021.12.10.03.07.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Dec 2021 03:07:37 -0800 (PST) 
From: Adhemerval Zanella To: libc-alpha@sourceware.org Subject: [PATCH v2 1/3] inet: Fix getnameinfo (NI_NOFQDN) race condition (BZ#28566) Date: Fri, 10 Dec 2021 08:07:31 -0300 Message-Id: <20211210110733.1499984-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211210110733.1499984-1-adhemerval.zanella@linaro.org> References: <20211210110733.1499984-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Dec 2021 11:07:39 -0000 The 'not_first' is accessed on nrl_domainname() in a non atomically way, although it is only updated after the lock is taken. This patch fix the double-checked locking by using acquire-release atomic operation instead of plain load and by moving the 'not_first' store only after 'domain' is actually set. Checked on x86_64-linux-gnu.
---
inet/getnameinfo.c | 148 ++++++++++++++++++++++++--------------------- 1 file changed, 78 insertions(+), 70 deletions(-)
diff --git a/inet/getnameinfo.c b/inet/getnameinfo.c
index 8380d85783..5eee354200 100644
--- a/inet/getnameinfo.c
+++ b/inet/getnameinfo.c
@@ -83,104 +83,112 @@ libc_freeres_ptr (static char *domain); now ignored. */ #define DEPRECATED_NI_IDN 192 -static char * -nrl_domainname (void) +static void +nrl_domainname_core (struct scratch_buffer *tmpbuf) { - static int not_first; + char *c; + struct hostent *h, th; + int herror; - if (! not_first) + while (__gethostbyname_r ("localhost", &th, + tmpbuf->data, tmpbuf->length, + &h, &herror)) { - __libc_lock_define_initialized (static, lock); - __libc_lock_lock (lock); - - if (! not_first) + if (herror == NETDB_INTERNAL && errno == ERANGE) { - char *c; - struct hostent *h, th; - int herror; - struct scratch_buffer tmpbuf; - - scratch_buffer_init (&tmpbuf); - not_first = 1; + if (!scratch_buffer_grow (tmpbuf)) + return; + } + else + break; + } - while (__gethostbyname_r ("localhost", &th, - tmpbuf.data, tmpbuf.length, + if (h != NULL && (c = strchr (h->h_name, '.')) != NULL) + domain = __strdup (++c); + else + { + /* The name contains no domain information. Use the name + now to get more information. */ + while (__gethostname (tmpbuf->data, tmpbuf->length)) + if (!scratch_buffer_grow (tmpbuf)) + return; + + if ((c = strchr (tmpbuf->data, '.')) != NULL) + domain = __strdup (++c); + else + { + /* We need to preserve the hostname. */ + const char *hstname = strdupa (tmpbuf->data); + while (__gethostbyname_r (hstname, &th, + tmpbuf->data, + tmpbuf->length, &h, &herror)) { if (herror == NETDB_INTERNAL && errno == ERANGE) { - if (!scratch_buffer_grow (&tmpbuf)) - goto done; + if (!scratch_buffer_grow (tmpbuf)) + return; } else break; } - if (h && (c = strchr (h->h_name, '.'))) + if (h != NULL && (c = strchr(h->h_name, '.')) != NULL) domain = __strdup (++c); else { - /* The name contains no domain information. Use the name - now to get more information. 
*/ - while (__gethostname (tmpbuf.data, tmpbuf.length)) - if (!scratch_buffer_grow (&tmpbuf)) - goto done; + struct in_addr in_addr; - if ((c = strchr (tmpbuf.data, '.'))) - domain = __strdup (++c); - else - { - /* We need to preserve the hostname. */ - const char *hstname = strdupa (tmpbuf.data); + in_addr.s_addr = htonl (INADDR_LOOPBACK); - while (__gethostbyname_r (hstname, &th, - tmpbuf.data, tmpbuf.length, - &h, &herror)) + while (__gethostbyaddr_r ((const char *) &in_addr, + sizeof (struct in_addr), + AF_INET, &th, + tmpbuf->data, + tmpbuf->length, + &h, &herror)) + { + if (herror == NETDB_INTERNAL && errno == ERANGE) { - if (herror == NETDB_INTERNAL && errno == ERANGE) - { - if (!scratch_buffer_grow (&tmpbuf)) - goto done; - } - else - break; + if (!scratch_buffer_grow (tmpbuf)) + return; } - - if (h && (c = strchr(h->h_name, '.'))) - domain = __strdup (++c); else - { - struct in_addr in_addr; - - in_addr.s_addr = htonl (INADDR_LOOPBACK); - - while (__gethostbyaddr_r ((const char *) &in_addr, - sizeof (struct in_addr), - AF_INET, &th, - tmpbuf.data, tmpbuf.length, - &h, &herror)) - { - if (herror == NETDB_INTERNAL && errno == ERANGE) - { - if (!scratch_buffer_grow (&tmpbuf)) - goto done; - } - else - break; - } - - if (h && (c = strchr (h->h_name, '.'))) - domain = __strdup (++c); - } + break; } + + if (h != NULL && (c = strchr (h->h_name, '.')) != NULL) + domain = __strdup (++c); } - done: - scratch_buffer_free (&tmpbuf); } + } +} - __libc_lock_unlock (lock); +static char * +nrl_domainname (void) +{ + static int not_first; + + if (__glibc_likely (atomic_load_acquire (¬_first) != 0)) + return domain; + + __libc_lock_define_initialized (static, lock); + __libc_lock_lock (lock); + + if (atomic_load_relaxed (¬_first) == 0) + { + struct scratch_buffer tmpbuf; + scratch_buffer_init (&tmpbuf); + + nrl_domainname_core (&tmpbuf); + + scratch_buffer_free (&tmpbuf); + + atomic_store_release (¬_first, 1); } + __libc_lock_unlock (lock); + return domain; }; -- 2.32.0
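Review bot: In `nrl_domainname`, `atomic_store_release (&not_first, 1)` runs unconditionally after `nrl_domainname_core` returns, so the early `return` on `scratch_buffer_grow` failure and a NULL result from the unchecked `__strdup` are published as well. In those cases `domain` stays NULL and, as far as the visible code shows, the lookup is never retried for the life of the process. That matches the removed code, which set `not_first = 1` before the lookups, but it is weaker than the description's "only after 'domain' is actually set". If latching the failure is intended, say so at the store, e.g. `/* Publish even if the lookup failed; DOMAIN then stays NULL and is not retried.  */`. `nrl_domainname_core` also lacks a header comment; one stating that its visible caller holds the lock, that it assigns `domain` on success and leaves it untouched on failure would document the contract the acquire/release pair relies on.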