From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-alpha@sourceware.org>
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com
 [205.139.110.61])
 by sourceware.org (Postfix) with ESMTP id 718C23851C0A
 for <libc-stable@sourceware.org>; Tue, 19 May 2020 15:03:26 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 718C23851C0A
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-270-ZHgWDpAUN3679YitmlZ8DA-1; Tue, 19 May 2020 11:03:22 -0400
X-MC-Unique: ZHgWDpAUN3679YitmlZ8DA-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 73E011800D42
 for <libc-stable@sourceware.org>; Tue, 19 May 2020 15:03:21 +0000 (UTC)
Received: from oldenburg2.str.redhat.com (ovpn-113-18.ams2.redhat.com
 [10.36.113.18])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 9368260BE1
 for <libc-stable@sourceware.org>; Tue, 19 May 2020 15:03:20 +0000 (UTC)
Resent-To: libc-stable@sourceware.org
Resent-From: Florian Weimer <fweimer@redhat.com>
Resent-Date: Tue, 19 May 2020 17:03:19 +0200
Resent-Message-ID: <87blmkezm0.fsf@oldenburg2.str.redhat.com>
Received: from zmta01.collab.prod.int.phx2.redhat.com (LHLO
 zmta01.collab.prod.int.phx2.redhat.com) (10.5.81.8) by
 zmail18.collab.prod.int.phx2.redhat.com with LMTP; Tue, 19 May 2020
 10:55:51 -0400 (EDT)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
 [10.11.54.6])
 by zmta01.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 4DA221893B4
 for <fweimer@mail.corp.redhat.com>; Tue, 19 May 2020 10:55:51 -0400 (EDT)
Received: by smtp.corp.redhat.com (Postfix)
 id 1E1002156A3A; Tue, 19 May 2020 14:55:51 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
 (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 197402156A22
 for <fweimer@redhat.com>; Tue, 19 May 2020 14:55:51 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 01964811E7A
 for <fweimer@redhat.com>; Tue, 19 May 2020 14:55:51 +0000 (UTC)
Received: from sourceware.org (server2.sourceware.org [8.43.85.97]) (Using
 TLS) by relay.mimecast.com with ESMTP id
 us-mta-140-AZFLYCtRPYacXfN12QMX8A-1; Tue, 19 May 2020 10:55:46 -0400
X-MC-Unique: AZFLYCtRPYacXfN12QMX8A-1
Received: from server2.sourceware.org (localhost [IPv6:::1])
 by sourceware.org (Postfix) with ESMTP id C20DB393F85B;
 Tue, 19 May 2020 14:55:43 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C20DB393F85B
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61])
 by sourceware.org (Postfix) with ESMTP id 4D7243938C10
 for <libc-alpha@sourceware.org>; Tue, 19 May 2020 14:55:41 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 4D7243938C10
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-402-nkcb0IWKPrqexQAV_LypvA-1; Tue, 19 May 2020 10:55:39 -0400
X-MC-Unique: nkcb0IWKPrqexQAV_LypvA-1
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 58A17800D24
 for <libc-alpha@sourceware.org>; Tue, 19 May 2020 14:55:38 +0000 (UTC)
Received: from oldenburg2.str.redhat.com (ovpn-113-18.ams2.redhat.com
 [10.36.113.18])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id A2FFD6E71C
 for <libc-alpha@sourceware.org>; Tue, 19 May 2020 14:55:37 +0000 (UTC)
To: libc-alpha@sourceware.org
Subject: [2.31 COMMITTED] nss_compat: internal_end*ent may clobber errno,
 hiding ERANGE [BZ #25976]
Date: Tue, 19 May 2020 16:55:36 +0200
Message-ID: <87pnb0ezyv.fsf@oldenburg2.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Spam-Status: No, score=-16.7 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, MAILING_LIST_MULTI,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NEUTRAL,
 TXREP autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Post: <mailto:libc-alpha@sourceware.org>
From: Florian Weimer via Libc-alpha <libc-alpha@sourceware.org>
Reply-To: Florian Weimer <fweimer@redhat.com>
Errors-To: libc-alpha-bounces@sourceware.org
Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org>
X-Mimecast-Bulk-Signature: yes
X-Mimecast-Spam-Signature: bulk
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-TUID: 5e8d6KorAKKX
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: sourceware.org
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
X-BeenThere: libc-stable@sourceware.org
List-Id: Libc-stable mailing list <libc-stable.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-stable>,
 <mailto:libc-stable-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-stable/>
List-Help: <mailto:libc-stable-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-stable>,
 <mailto:libc-stable-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2020 15:03:27 -0000

During cleanup, before returning from get*_r functions, the end*ent
calls must not change errno.  Otherwise, an ERANGE error from the
underlying implementation can be hidden, causing unexpected lookup
failures.  This commit introduces an internal_end*ent_noerror
function which saves and restore errno, and marks the original
internal_end*ent function as warn_unused_result, so that it is used
only in contexts were errors from it can be handled explicitly.

Reviewed-by: DJ Delorie <dj@redhat.com>
(cherry picked from commit 790b8dda4455865cb8c3a47801f4304c1a43baf6)

---
 NEWS                               |  1 +
 nss/nss_compat/compat-grp.c        | 15 ++++++++++++---
 nss/nss_compat/compat-initgroups.c | 13 +++++++++++--
 nss/nss_compat/compat-pwd.c        | 15 ++++++++++++---
 nss/nss_compat/compat-spwd.c       | 14 +++++++++++---
 5 files changed, 47 insertions(+), 11 deletions(-)

diff --git a/NEWS b/NEWS
index 9bfd01ccb1..24371e5745 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,7 @@ The following bugs are resolved with this release:
   [25896] Incorrect prctl
   [25902] Bad LOADARGS_N
   [25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
+  [25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
=20
 Security related changes:
=20
diff --git a/nss/nss_compat/compat-grp.c b/nss/nss_compat/compat-grp.c
index a8de1e03b3..f8b19a5cf0 100644
--- a/nss/nss_compat/compat-grp.c
+++ b/nss/nss_compat/compat-grp.c
@@ -142,7 +142,7 @@ _nss_compat_setgrent (int stayopen)
 }
=20
=20
-static enum nss_status
+static enum nss_status __attribute_warn_unused_result__
 internal_endgrent (ent_t *ent)
 {
   if (ent->stream !=3D NULL)
@@ -163,6 +163,15 @@ internal_endgrent (ent_t *ent)
   return NSS_STATUS_SUCCESS;
 }
=20
+/* Like internal_endgrent, but preserve errno in all cases.  */
+static void
+internal_endgrent_noerror (ent_t *ent)
+{
+  int saved_errno =3D errno;
+  enum nss_status unused __attribute__ ((unused)) =3D internal_endgrent (e=
nt);
+  __set_errno (saved_errno);
+}
+
 enum nss_status
 _nss_compat_endgrent (void)
 {
@@ -483,7 +492,7 @@ _nss_compat_getgrnam_r (const char *name, struct group =
*grp,
   if (result =3D=3D NSS_STATUS_SUCCESS)
     result =3D internal_getgrnam_r (name, grp, &ent, buffer, buflen, errno=
p);
=20
-  internal_endgrent (&ent);
+  internal_endgrent_noerror (&ent);
=20
   return result;
 }
@@ -612,7 +621,7 @@ _nss_compat_getgrgid_r (gid_t gid, struct group *grp,
   if (result =3D=3D NSS_STATUS_SUCCESS)
     result =3D internal_getgrgid_r (gid, grp, &ent, buffer, buflen, errnop=
);
=20
-  internal_endgrent (&ent);
+  internal_endgrent_noerror (&ent);
=20
   return result;
 }
diff --git a/nss/nss_compat/compat-initgroups.c b/nss/nss_compat/compat-ini=
tgroups.c
index 939b25b33b..7591442ff9 100644
--- a/nss/nss_compat/compat-initgroups.c
+++ b/nss/nss_compat/compat-initgroups.c
@@ -133,7 +133,7 @@ internal_setgrent (ent_t *ent)
 }
=20
=20
-static enum nss_status
+static enum nss_status __attribute_warn_unused_result__
 internal_endgrent (ent_t *ent)
 {
   if (ent->stream !=3D NULL)
@@ -157,6 +157,15 @@ internal_endgrent (ent_t *ent)
   return NSS_STATUS_SUCCESS;
 }
=20
+/* Like internal_endgrent, but preserve errno in all cases.  */
+static void
+internal_endgrent_noerror (ent_t *ent)
+{
+  int saved_errno =3D errno;
+  enum nss_status unused __attribute__ ((unused)) =3D internal_endgrent (e=
nt);
+  __set_errno (saved_errno);
+}
+
 /* Add new group record.  */
 static void
 add_group (long int *start, long int *size, gid_t **groupsp, long int limi=
t,
@@ -501,7 +510,7 @@ _nss_compat_initgroups_dyn (const char *user, gid_t gro=
up, long int *start,
  done:
   scratch_buffer_free (&tmpbuf);
=20
-  internal_endgrent (&intern);
+  internal_endgrent_noerror (&intern);
=20
   return status;
 }
diff --git a/nss/nss_compat/compat-pwd.c b/nss/nss_compat/compat-pwd.c
index ec3f35c594..bd5e707da0 100644
--- a/nss/nss_compat/compat-pwd.c
+++ b/nss/nss_compat/compat-pwd.c
@@ -259,7 +259,7 @@ _nss_compat_setpwent (int stayopen)
 }
=20
=20
-static enum nss_status
+static enum nss_status __attribute_warn_unused_result__
 internal_endpwent (ent_t *ent)
 {
   if (ent->stream !=3D NULL)
@@ -287,6 +287,15 @@ internal_endpwent (ent_t *ent)
   return NSS_STATUS_SUCCESS;
 }
=20
+/* Like internal_endpwent, but preserve errno in all cases.  */
+static void
+internal_endpwent_noerror (ent_t *ent)
+{
+  int saved_errno =3D errno;
+  enum nss_status unused __attribute__ ((unused)) =3D internal_endpwent (e=
nt);
+  __set_errno (saved_errno);
+}
+
 enum nss_status
 _nss_compat_endpwent (void)
 {
@@ -822,7 +831,7 @@ _nss_compat_getpwnam_r (const char *name, struct passwd=
 *pwd,
   if (result =3D=3D NSS_STATUS_SUCCESS)
     result =3D internal_getpwnam_r (name, pwd, &ent, buffer, buflen, errno=
p);
=20
-  internal_endpwent (&ent);
+  internal_endpwent_noerror (&ent);
=20
   return result;
 }
@@ -1061,7 +1070,7 @@ _nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd=
,
   if (result =3D=3D NSS_STATUS_SUCCESS)
     result =3D internal_getpwuid_r (uid, pwd, &ent, buffer, buflen, errnop=
);
=20
-  internal_endpwent (&ent);
+  internal_endpwent_noerror (&ent);
=20
   return result;
 }
diff --git a/nss/nss_compat/compat-spwd.c b/nss/nss_compat/compat-spwd.c
index f6b7a1ef15..d0e3c51b45 100644
--- a/nss/nss_compat/compat-spwd.c
+++ b/nss/nss_compat/compat-spwd.c
@@ -215,7 +215,7 @@ _nss_compat_setspent (int stayopen)
 }
=20
=20
-static enum nss_status
+static enum nss_status __attribute_warn_unused_result__
 internal_endspent (ent_t *ent)
 {
   if (ent->stream !=3D NULL)
@@ -244,6 +244,15 @@ internal_endspent (ent_t *ent)
   return NSS_STATUS_SUCCESS;
 }
=20
+/* Like internal_endspent, but preserve errno in all cases.  */
+static void
+internal_endspent_noerror (ent_t *ent)
+{
+  int saved_errno =3D errno;
+  enum nss_status unused __attribute__ ((unused)) =3D internal_endspent (e=
nt);
+  __set_errno (saved_errno);
+}
+
 enum nss_status
 _nss_compat_endspent (void)
 {
@@ -261,7 +270,6 @@ _nss_compat_endspent (void)
   return result;
 }
=20
-
 static enum nss_status
 getspent_next_nss_netgr (const char *name, struct spwd *result, ent_t *ent=
,
 =09=09=09 char *group, char *buffer, size_t buflen,
@@ -786,7 +794,7 @@ _nss_compat_getspnam_r (const char *name, struct spwd *=
pwd,
   if (result =3D=3D NSS_STATUS_SUCCESS)
     result =3D internal_getspnam_r (name, pwd, &ent, buffer, buflen, errno=
p);
=20
-  internal_endspent (&ent);
+  internal_endspent_noerror (&ent);
=20
   return result;
 }