This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[COMMITTED 2.19] Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758)


From: Siddhesh Poyarekar <siddhesh@redhat.com>

nscd works correctly when the request in innetgr is a wildcard,
i.e. when one or more of host, user or domain parameters is NULL.
However, it does not work when the the triplet in the netgroup
definition has a wildcard.  This is easy to reproduce for a triplet
defined as follows:

    foonet (,foo,)

Here, an innetgr call that looks like this:

    innetgr ("foonet", "foohost", "foo", NULL);

should succeed and so should:

    innetgr ("foonet", NULL, "foo", "foodomain");

It does succeed with nscd disabled, but not with nscd enabled.  This
fix adds this additional check for all three parts of the triplet so
that it gives the correct result.

	[BZ #16758]
	* nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
	blank values.

(cherry picked from commit fbd6b5a4052316f7eb03c4617eebfaafc59dcc06)
---
 ChangeLog            |  6 ++++++
 NEWS                 |  6 +++---
 nscd/netgroupcache.c | 10 +++++++---
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 4502ab2..3cb4c4d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-12-20  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16758]
+	* nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
+	blank values.
+
 2015-11-24  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #17062]
diff --git a/NEWS b/NEWS
index c9cce28..9771c07 100644
--- a/NEWS
+++ b/NEWS
@@ -9,9 +9,9 @@ Version 2.19.1
 
 * The following bugs are resolved with this release:
 
-  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885,
-  16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137, 17153,
-  17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
+  15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16878, 16882,
+  16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137,
+  17153, 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
 
 * A buffer overflow in gethostbyname_r and related functions performing DNS
   requests has been fixed.  If the NSS functions were called with a
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 084f74d..8c619ea 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -562,15 +562,19 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
 	{
 	  bool success = true;
 
-	  if (host != NULL)
+	  /* For the host, user and domain in each triplet, we assume success
+	     if the value is blank because that is how the wildcard entry to
+	     match anything is stored in the netgroup cache.  */
+	  if (host != NULL && *triplets != '\0')
 	    success = strcmp (host, triplets) == 0;
 	  triplets = (const char *) rawmemchr (triplets, '\0') + 1;
 
-	  if (success && user != NULL)
+	  if (success && user != NULL && *triplets != '\0')
 	    success = strcmp (user, triplets) == 0;
 	  triplets = (const char *) rawmemchr (triplets, '\0') + 1;
 
-	  if (success && (domain == NULL || strcmp (domain, triplets) == 0))
+	  if (success && (domain == NULL || *triplets == '\0'
+			  || strcmp (domain, triplets) == 0))
 	    {
 	      dataset->resp.result = 1;
 	      break;
-- 
2.6.4


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]