Summary: | [libc] getgrent() issue with large NIS groups | | |
---|---|---|---|
Product: | Base System | Reporter: | tcleamy |
Component: | kern | Assignee: | freebsd-bugs (Nobody) <bugs> |
Status: | Open --- | | |
Severity: | Affects Some People | CC: | jilles |
Priority: | --- | Keywords: | patch |
Version: | 12.2-RELEASE | | |
Hardware: | Any | | |
OS: | Any | | |
Description
tcleamy
2019-01-04 21:33:38 UTC
This patch looks conceptually correct: if getgrent_r() returns ERANGE, it must not advance the iterator. Apparently it is acceptable to call yp_first() or yp_next() with the same key multiple times. The code in FreeBSD head advances the iterator when ERANGE is returned, so the excessively long group is discarded (but following groups will use a larger buffer). Potential issue in the patch: reading *errnop in if (*errnop == ERANGE) { without ensuring it is meaningful by checking rv == NS_RETURN may not be correct.

I ran into the same issue with FreeBSD 11.3. And the same patch still works for me.

I ran into the same bug in FreeBSD 11.4. I'm still using the same patch to fix it.

The bug still exists in FreeBSD 12.2. I used the same patch to fix it. The line numbers shifted a bit, but it worked.
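
The iterator contract discussed in the comments above, as an added example that is neither the FreeBSD libc code nor the attached patch: a toy record iterator showing that advancing on ERANGE silently drops the oversized entry, while holding position lets the caller retry with a larger buffer. The names `next_record` and `count_records` and the sample records are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample data standing in for NIS group map entries. */
static const char *const records[] = {
    "wheel:*:0:root",
    "staff:*:20:alice,bob,carol,dave,erin,frank,grace,heidi,ivan,judy",
    "ops:*:30:mallory",
};
#define NRECORDS (sizeof(records) / sizeof(records[0]))

/*
 * Copy the record at *pos into buf. Returns 0 on success, ERANGE if buf is
 * too small, ENOENT at end of data. With advance_on_erange == 0 the cursor
 * moves only after a successful copy, so the same record can be retried.
 */
static int next_record(size_t *pos, char *buf, size_t len, int advance_on_erange)
{
    if (*pos >= NRECORDS)
        return ENOENT;
    size_t need = strlen(records[*pos]) + 1;
    if (need > len) {
        if (advance_on_erange)
            (*pos)++;   /* the behaviour the comment attributes to FreeBSD head */
        return ERANGE;
    }
    memcpy(buf, records[(*pos)++], need);
    return 0;
}

/* Caller loop: double the buffer on ERANGE and retry. Returns the number of
 * records delivered, or -1 on allocation failure. */
int count_records(int advance_on_erange)
{
    size_t pos = 0, len = 32;
    char *buf = malloc(len), *nbuf;
    int seen = 0, rc;

    if (buf == NULL)
        return -1;
    while ((rc = next_record(&pos, buf, len, advance_on_erange)) != ENOENT) {
        if (rc == 0) { seen++; continue; }
        len *= 2;                           /* rc == ERANGE: grow and retry */
        if ((nbuf = realloc(buf, len)) == NULL) { free(buf); return -1; }
        buf = nbuf;
    }
    free(buf);
    return seen;
}

int main(void) { return count_records(0) == 3 ? 0 : 1; }
```

With the cursor held on ERANGE all three records are delivered; with the cursor advanced, the long `staff` record is never seen by the caller, so any membership check built on the enumeration misses it.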