Bug 234622 - [libc] getgrent() issue with large NIS groups
Summary: [libc] getgrent() issue with large NIS groups
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 11.2-RELEASE
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-bugs mailing list
Keywords: patch
Reported: 2019-01-04 21:33 UTC by tcleamy
Modified: 2019-01-13 22:12 UTC (History)
Attachments
Patch for 11.2 (2.54 KB, patch)
2019-01-04 21:33 UTC, tcleamy

Description tcleamy 2019-01-04 21:33:38 UTC
Created attachment 200779
Patch for 11.2

getgrent misses large NIS groups so the group list for those users is incorrect.

To replicate, simply make a large NIS group (500+ characters) and then run groups on one of those users. From one of my systems:
> ypmatch crc group
crc::499:ccctim,itsnoopy,rodd,jkperla,ncmolina,ajnichol,itlm003,itlm005,itlm011,itlm012,itlm019,itlm022,itlm023,itlm031,itlm032,itlm033,itlm034,itlm035,itlm038,itlm039,itlm040,itlm041,itlm043,itlm045,itlm046,itlm049,itlm054,itlm055,itlm057,itlm061,itlm064,itlm067,itlm068,itlm070,itlm071,itlm072,itlm076,itlm079,itlm080,itlm082,itlm084,itlm086,itlm087,itlm088,itlm089,itlm091,itlm092,itlm094,itlm095,itlm097,itlm098,itlm099,itlm100,itlm104,itlm107,itlm109,itlm111,itlm112,itlm113,itlm114,itlm123,itlm125,itlm126,itlm127,itlm130,itlm134,itlm138,itlm140,itlm141,itlm145,itlm146,itlm147,itlm151,itlm167,itlm179,itlm196,itlm197

> groups ccctim
users lm hws projects office eyevocab roomres crcsuper

So while "ypmatch crc group" lists the entire group including ccctim, "groups ccctim" doesn't list crc.

I've seen this issue on various releases of FreeBSD 9, 10 & 11.  I think it's the same as 96840.  That bug report says fixed and closed, but I'm continuing to see the same issue.  I've been using that patch in 96840 to fix the bug each release.  So can you double check to see if the issue was really fixed?

I've attached the latest patch for FreeBSD 11.2.
Comment 1 Jilles Tjoelker freebsd_committer 2019-01-13 22:12:49 UTC
This patch looks conceptually correct: if getgrent_r() returns ERANGE, it must not advance the iterator. Apparently it is acceptable to call yp_first() or yp_next() with the same key multiple times.

The code in FreeBSD head advances the iterator when ERANGE is returned, so the excessively long group is discarded (but following groups will use a larger buffer).

Potential issue in the patch: reading *errnop in if (*errnop == ERANGE) { without ensuring it is meaningful by checking rv == NS_RETURN may not be correct.
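As an added example (not the attached patch and not FreeBSD's libc), here is a C model of the ERANGE behaviour described in the report and the comment above: a stand-in iterator over a constructed NIS-style group map, and a groups(1)-style caller that grows its buffer on ERANGE. The names group_map, grent_next and count_groups are mine; the only thing that differs between the two runs is whether the iterator advances on ERANGE, which is exactly what decides whether the oversized "crc" entry is kept or silently dropped.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
/* Constructed NIS-style group map (name:passwd:gid:members); "crc" is the oversized one. */
static const char *group_map[] = {
    "users::100:ccctim,rodd",
    "crc::499:ccctim,itsnoopy,rodd,jkperla,ncmolina,ajnichol,itlm003,itlm005,itlm011",
    "office::200:ccctim",
};
/* Stand-in for getgrent_r(): copy entry *pos into buf, or return ERANGE if it does not
 * fit. The buggy variant advances *pos even then (entry lost); the fixed one leaves *pos
 * alone, so the caller's retry with a bigger buffer fetches the same entry again. */
static int grent_next(size_t *pos, char *buf, size_t buflen, int advance_on_erange)
{
    if (*pos >= sizeof group_map / sizeof group_map[0])
        return 0;                              /* end of map */
    if (strlen(group_map[*pos]) + 1 > buflen) {
        if (advance_on_erange) (*pos)++;       /* the defect: skip past the entry */
        return ERANGE;
    }
    strcpy(buf, group_map[(*pos)++]);          /* fits: length checked above */
    return 1;
}
/* True if user is a whole name in the member field (text after the last ':'). */
static int is_member(const char *entry, const char *user)
{
    char needle[64], hay[520];
    const char *members = strrchr(entry, ':');
    if (members == NULL)
        return 0;
    snprintf(needle, sizeof needle, ",%s,", user);
    snprintf(hay, sizeof hay, ",%s,", members + 1);
    return strstr(hay, needle) != NULL;
}
/* What groups(1) does: walk the whole map, doubling the buffer on ERANGE, count groups listing user. */
int count_groups(const char *user, int advance_on_erange)
{
    char buf[512];
    size_t pos = 0, buflen = 64;
    int n = 0, rv;
    while ((rv = grent_next(&pos, buf, buflen, advance_on_erange)) != 0) {
        if (rv != ERANGE)
            n += is_member(buf, user);
        else if (buflen >= sizeof buf)
            break;                             /* cannot grow any further; give up */
        else
            buflen = buflen * 2 > sizeof buf ? sizeof buf : buflen * 2;
    }
    return n;
}
```

With the advancing iterator, ccctim is reported in 2 groups (crc missing, as in the report); with the non-advancing one, in all 3.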