Bug 1834816

Summary: glibc: internal_end*ent in nss_compat may clobber errno, hiding ERANGE
Product: Red Hat Enterprise Linux 7 Reporter: Florian Weimer <fweimer>
Component: glibcAssignee: Florian Weimer <fweimer>
Status: CLOSED ERRATA QA Contact: qe-baseos-tools-bugs
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.8CC: ashankar, atikhono, codonell, dj, fweimer, mnewsome, pfrankli, sipoyare, skolosov, vmukhame
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glibc-2.17-317.el7 Doc Type: Bug Fix
Doc Text:
Cause: The nss_compat module overwrites the errno status with other spurious error codes during processing of password and group entries. Consequence: Password and group lookups can fail because the expected buffer resizing does not happen. Fix: nss_compat avoids overwriting critical errno values with other status codes during password and group lookups. Result: Resizing of the response buffer for password and group lookups works, and lookups suceed as expected.
 Story Points: ---
Clone Of:
: 1836867 (view as bug list) Environment:
Last Closed: 2020-09-29 19:20:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1402403, 1782203, 1838037    

Description Florian Weimer 2020-05-12 13:25:15 UTC 
The end*ent functions such as internal_endpwent call into the rest of glibc and other NSS modules, without saving errno around those calls. Since successful function calls can clobber errno, a critical ERANGE error can be masked, and the caller will not retry with a larger buffer, reporting a different error instead.
Comment 7 Sergey Kolosov 2020-06-27 13:08:25 UTC 
Verified, the bug has been fixed in glibc-2.17-317.el7
Comment 9 errata-xmlrpc 2020-09-29 19:20:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: glibc security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3861