From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=6qae=AB=gentoo.org=dilfridge@sourceware.org>
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	by sourceware.org (Postfix) with ESMTP id 8E2983858C5E
	for <libc-stable@sourceware.org>; Mon, 10 Apr 2023 22:37:51 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8E2983858C5E
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gentoo.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gentoo.org
From: "Andreas K. Huettel" <dilfridge@gentoo.org>
To: libc-stable@sourceware.org, fweimer@redhat.com
Subject:
 Backport "gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug
 30151)" ?
Date: Tue, 11 Apr 2023 00:37:42 +0200
Message-ID: <28020587.czjnFlTdjD@pinacolada>
Organization: Gentoo Linux
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart5858872.uKWtJMOXK1";
 micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Spam-Status: No, score=-9.7 required=5.0 tests=BAYES_00,GIT_PATCH_0,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,KAM_SHORT,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-stable.sourceware.org>

--nextPart5858872.uKWtJMOXK1
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"; protected-headers="v1"
From: "Andreas K. Huettel" <dilfridge@gentoo.org>
To: libc-stable@sourceware.org, fweimer@redhat.com
Date: Tue, 11 Apr 2023 00:37:42 +0200
Message-ID: <28020587.czjnFlTdjD@pinacolada>
Organization: Gentoo Linux
MIME-Version: 1.0

Could we please backport this commit to 2.37 and 2.36? 

The underlying bug causes crashes in several tools from the shadow package,
see https://bugs.gentoo.org/895784

Thanks!


>From 969e9733c7d17edf1e239a73fa172f357561f440 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 21 Feb 2023 09:20:28 +0100
Subject: [PATCH] gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug
 30151)

Before this change, sgetsgent_r did not set errno to ERANGE, but
sgetsgent only check errno, not the return value from sgetsgent_r.
Consequently, sgetsgent did not detect any error, and reported
success to the caller, without initializing the struct sgrp object
whose address was returned.

This commit changes sgetsgent_r to set errno as well.  This avoids
similar issues in applications which only change errno.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
 gshadow/Makefile        |  2 +-
 gshadow/sgetsgent_r.c   |  5 ++-
 gshadow/tst-sgetsgent.c | 69 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 74 insertions(+), 2 deletions(-)
 create mode 100644 gshadow/tst-sgetsgent.c

diff --git a/gshadow/Makefile b/gshadow/Makefile
index 796fbbf473..a95524593a 100644
--- a/gshadow/Makefile
+++ b/gshadow/Makefile
@@ -26,7 +26,7 @@ headers		= gshadow.h
 routines	= getsgent getsgnam sgetsgent fgetsgent putsgent \
 		  getsgent_r getsgnam_r sgetsgent_r fgetsgent_r
 
-tests = tst-gshadow tst-putsgent tst-fgetsgent_r
+tests = tst-gshadow tst-putsgent tst-fgetsgent_r tst-sgetsgent
 
 CFLAGS-getsgent_r.c += -fexceptions
 CFLAGS-getsgent.c += -fexceptions
diff --git a/gshadow/sgetsgent_r.c b/gshadow/sgetsgent_r.c
index ea085e91d7..c75624e1f7 100644
--- a/gshadow/sgetsgent_r.c
+++ b/gshadow/sgetsgent_r.c
@@ -61,7 +61,10 @@ __sgetsgent_r (const char *string, struct sgrp *resbuf, char *buffer,
       buffer[buflen - 1] = '\0';
       sp = strncpy (buffer, string, buflen);
       if (buffer[buflen - 1] != '\0')
-	return ERANGE;
+	{
+	  __set_errno (ERANGE);
+	  return ERANGE;
+	}
     }
   else
     sp = (char *) string;
diff --git a/gshadow/tst-sgetsgent.c b/gshadow/tst-sgetsgent.c
new file mode 100644
index 0000000000..0370c10fd0
--- /dev/null
+++ b/gshadow/tst-sgetsgent.c
@@ -0,0 +1,69 @@
+/* Test large input for sgetsgent (bug 30151).
+   Copyright (C) 2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <gshadow.h>
+#include <stddef.h>
+#include <support/check.h>
+#include <support/support.h>
+#include <support/xmemstream.h>
+#include <stdlib.h>
+
+static int
+do_test (void)
+{
+  /* Create a shadow group with 1000 members.  */
+  struct xmemstream mem;
+  xopen_memstream (&mem);
+  const char *passwd = "k+zD0nucwfxAo3sw1NXUj6K5vt5M16+X0TVGdE1uFvq5R8V7efJ";
+  fprintf (mem.out, "group-name:%s::m0", passwd);
+  for (int i = 1; i < 1000; ++i)
+    fprintf (mem.out, ",m%d", i);
+  xfclose_memstream (&mem);
+
+  /* Call sgetsgent.  */
+  char *input = mem.buffer;
+  struct sgrp *e = sgetsgent (input);
+  TEST_VERIFY_EXIT (e != NULL);
+  TEST_COMPARE_STRING (e->sg_namp, "group-name");
+  TEST_COMPARE_STRING (e->sg_passwd, passwd);
+  /* No administrators.  */
+  TEST_COMPARE_STRING (e->sg_adm[0], NULL);
+  /* Check the members list.  */
+  for (int i = 0; i < 1000; ++i)
+    {
+      char *member = xasprintf ("m%d", i);
+      TEST_COMPARE_STRING (e->sg_mem[i], member);
+      free (member);
+    }
+  TEST_COMPARE_STRING (e->sg_mem[1000], NULL);
+
+  /* Check that putsgent brings back the input string.  */
+  xopen_memstream (&mem);
+  TEST_COMPARE (putsgent (e, mem.out), 0);
+  xfclose_memstream (&mem);
+  /* Compare without the trailing '\n' that putsgent added.  */
+  TEST_COMPARE (mem.buffer[mem.length - 1], '\n');
+  mem.buffer[mem.length - 1] = '\0';
+  TEST_COMPARE_STRING (mem.buffer, input);
+
+  free (mem.buffer);
+  free (input);
+  return 0;
+}
+
+#include <support/test-driver.c>
-- 
2.39.2



--nextPart5858872.uKWtJMOXK1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQKTBAABCgB9FiEE/Rnm0xsZLuTcY+rT3CsWIV7VQSoFAmQ0j7dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZE
MTlFNkQzMUIxOTJFRTREQzYzRUFEM0RDMkIxNjIxNUVENTQxMkEACgkQ3CsWIV7V
QSp8TA//ZbHVQ1sH25+xOzDfrXecJkz4Hj96w/gJuuHMJxcZy7H6Xc945jnHYdBd
cEtJiNXiwftgLytXGhcTiRr/F1QCSDCKkZdkdDERG80T3vlPGEKWigknZEBVUit+
V4Ds2qxdzKT6P/36OVHFU01+q+hPuHOvFywm5AFxfs8deBjRx4lVdawnLKP/ikbh
qd9YljxTrfNTwXkvjSq2Aj6OxoNVys5e9PH7qC8A2mKk1WJyYkVzVjoLxblAlsHb
kwgwCTgpc+Lq3YFG+0x8ZRMJwUtpranecOMqqv1vN9cgmI50DC0u7iIu8wblExrI
UX+O6cqV7a637WiQXfPUg2fbZ25iE95lsOuObqIJXUAQa77QgG6ZwM/fJtCYQmnw
Z/6sZ62bJ8/isO4Q4ow5CCg5GmWDYzK151uhEadSEOL/GFIXIp9tJoes6+h7oDKa
g881XFeYoUDqpNOAhIO4iN8cGdC76Y97p7+N2stqcvWVUjShMDdkPHjVdKpSbqZO
Zz71h7JWwakPDJcSuAxXg5VzdopcejekamYQk4LZuqvSsG7U1wZX2QHCRX384XPm
jr3xLHhjffm3Psm1n9QpMIax15c26RT4uJ/+TEq0VS7u5m3ccrkr7SHX7zpvQ89E
Yo13YCaTyz66aJ/ywMJN8JRvUdis5ICEiHmC31IEqawIERl/stI=
=58pu
-----END PGP SIGNATURE-----

--nextPart5858872.uKWtJMOXK1--