Bug 1213603
Summary: | glibc: nss_db: get*ent crashes without preceding set*ent
---|---
Product: | Red Hat Enterprise Linux 7
Reporter: | Frank Hirtz <fhirtz>
Component: | glibc
Assignee: | Florian Weimer <fweimer>
Status: | CLOSED ERRATA
QA Contact: | Sergey Kolosov <skolosov>
Severity: | medium
Docs Contact: |
Priority: | urgent
Version: | 7.2
CC: | alanm, ashankar, codonell, cww, fkrska, fweimer, mcermak, mnewsome, mpetlan, pfrankli, skolosov
Target Milestone: | rc
Keywords: | Patch, ZStream
Target Release: | ---
Hardware: | All
OS: | Linux
Whiteboard: |
Fixed In Version: | glibc-2.17-158.el7
Doc Type: | Bug Fix
Doc Text: | Cause: The nss_db Name Service Switch module incorrectly initializes itself. Consequence: If nss_db is enabled and any of the get*ent functions (such as getservent) are called before a corresponding set*ent call, the application crashes. Fix: The nss_db initialization sequence was updated to support this call sequence. Result: It is possible to call get*ent functions without calling set*ent first.
Story Points: | ---
Clone Of: |
: | 1344480 1388635 (view as bug list)
Environment: |
Last Closed: | 2017-08-01 18:06:55 UTC
Type: | Bug
Regression: | ---
Mount Type: | ---
Documentation: | ---
CRM: |
Verified Versions: |
Category: | ---
oVirt Team: | ---
RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | ---
Target Upstream Version: |
Embargoed: |
Bug Depends On: | 1344480
Bug Blocks: | 1388635
Description
Frank Hirtz
2015-04-20 21:39:15 UTC
It appears the cause is that implicit initialization of the service by get*ent (without a preceding set*ent) does not cause initialization of the entidx variable.

_nss_db_get*_r does this:

```c
  if (state.header == NULL)
    {
      status = internal_setent (DBFILE, &state);
      if (status != NSS_STATUS_SUCCESS)
        {
          *errnop = errno;
          H_ERRNO_SET (NETDB_INTERNAL);
          goto out;
        }
    }
```

While _nss_db_set* has:

```c
  status = internal_setent (DBFILE, &state);

  if (status == NSS_STATUS_SUCCESS)
    {
      /* Remember STAYOPEN flag. */
      keep_db |= stayopen;

      /* Reset the sequential index. */
      entidx = (const char *) state.header + state.header->valstroffset;
    }
```

As far as I can see, the bug is present upstream as well.

Patch posted upstream: https://sourceware.org/ml/libc-alpha/2016-06/msg00346.html

Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=31d0a4fa646db8b8c97ce24e0ec0a7b73de4fca1

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1916
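A reduced model of the call sequence described in this report, added here as an illustration; it is not glibc code and not the upstream patch. The `struct image` sample data, `first_record`, `db_setent`, `db_getent` and the `reset_on_lazy_open` switch are constructed for the example, and the model returns NULL at the point where the report describes a crash.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the mapped database file: a header followed by
   NUL-terminated records that start at valstroffset. */
struct header { size_t valstroffset, valstrlen; };
struct image { struct header h; char vals[12]; };
static const struct image sample =
  { { offsetof (struct image, vals), 12 }, "ftp\0ssh\0tcp" };

struct state { const struct header *header; const char *entidx; };

/* Hypothetical helper: start of the record area, as computed in the set path. */
static const char *first_record (const struct state *s) {
  return (const char *) s->header + s->header->valstroffset;
}

/* Models internal_setent: opens the database but leaves entidx untouched. */
static void internal_setent (struct state *s) {
  s->header = (const struct header *) &sample;
}

static void db_setent (struct state *s) {
  internal_setent (s);
  s->entidx = first_record (s);   /* reset the sequential index */
}

/* Returns the next record, or NULL at end of data or if the cursor was never
   set (the state a get*ent call without set*ent reaches in the report). */
static const char *db_getent (struct state *s, int reset_on_lazy_open) {
  if (s->header == NULL) {
    internal_setent (s);
    if (reset_on_lazy_open)       /* step absent from the lazy-open path */
      s->entidx = first_record (s);
  }
  if (s->entidx == NULL || s->entidx >= first_record (s) + s->header->valstrlen)
    return NULL;
  const char *rec = s->entidx;
  s->entidx += strlen (rec) + 1;
  return rec;
}

int main (void) {
  struct state buggy = { 0 }, fixed = { 0 };
  printf ("lazy open, no reset: %s\n", db_getent (&buggy, 0) ? "record" : "no cursor");
  printf ("lazy open, reset:    %s\n", db_getent (&fixed, 1));
  return 0;
}
```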