Bug 2061727
| Summary: | glibc: NSS framework can report incorrect lookup result if function lookup clobbers errno | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Michal Hlavinka <mhlavink> | |
| Component: | glibc | Assignee: | Florian Weimer <fweimer> | |
| Status: | CLOSED ERRATA | QA Contact: | Martin Coufal <mcoufal> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 8.6 | CC: | ashankar, codonell, dj, dtardon, fj-lsoft-oss, fsumsal, fweimer, glibc-bugzilla, jharuda, jsynacek, jvaldez, lmiksik, mcoufal, mnewsome, pfrankli, sipoyare, skolosov, systemd-maint-list, systemd-maint | |
| Target Milestone: | rc | Keywords: | Bugfix, Triaged | |
| Target Release: | 8.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | glibc-2.28-189.1.el8 | Doc Type: | Bug Fix | |
| Doc Text: |
.`glibc` now restores errno after loading a Name Service Switch (NSS) module.
Previously, the NSS implementation in `glibc` set errno incorrectly during database enumeration that used functions such as `getpwent()` if the last NSS module did not provide any data. This caused applications using these enumeration functions to fail. The bug is fixed and `glibc` now restores errno after loading an NSS module.
|
Story Points: | --- | |
| Clone Of: | 1691691 | |||
| : | 2063142 2063712 (view as bug list) | Environment: | ||
| Last Closed: | 2022-05-10 15:18:10 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1691691, 2063142 | |||
| Bug Blocks: | 1630410, 2063712 | |||
The reproducer from the private description:
#include <sys/types.h>
#include <pwd.h>
#include <errno.h>
#include <stdio.h>
int main(void)
{
struct passwd *pw;
errno = 0;
setpwent();
while ((pw = getpwent()) != NULL) {
errno = 0;
printf("%d: %s\n", pw->pw_uid, pw->pw_name);
}
printf("getpwent errno = %d (%m)\n", errno);
endpwent();
return 0;
}
It's a bit iffy because it does not set errno right before the getpwent call, but that is not what is causing this. EPERM is not visible in strace because of bug 2062648, the actual error is EINVAL from prctl (as seen on :
prctl(PR_CAPBSET_READ, CAP_MAC_OVERRIDE) = 1
prctl(PR_CAPBSET_READ, 0x30 /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, CAP_CHECKPOINT_RESTORE) = 1
prctl(PR_CAPBSET_READ, 0x2c /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, 0x2a /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, 0x29 /* CAP_??? */) = -1 EINVAL (Invalid argument)
The libcap ELF constructor also clobbers errno. This is perhaps not a great thing to do, but a successful call to (internal) dlopen can clobber errno for other reasons as well, and the glibc NSS framework is not prepared to deal with that. So we have to fix this in glibc anyway.
This glibc bug is present in the rewritten upstream code, and earlier versions of Red Hat Enterprise Linux 8. It's not a new problem as far as glibc is concerned. How important is it that we fixed this in the upcoming 8.6.0 release?
(In reply to Florian Weimer from comment #3) > ... How important is it that we fixed this in the upcoming > 8.6.0 release? It causes problem for dovecot (recreates bug #1630410) when it tries to iterate over user list for mail administration (doveadm command) that handles mail backup,replication,acl,quota,... (In reply to Michal Hlavinka from comment #4) > (In reply to Florian Weimer from comment #3) > > ... How important is it that we fixed this in the upcoming > > 8.6.0 release? > > It causes problem for dovecot (recreates bug #1630410) when it tries to > iterate over user list for mail administration (doveadm command) that > handles mail backup,replication,acl,quota,... I'm reading this as, “we really should fix this in the exception phase”. Carlos, what do you think? Meanwhile I've posted an upstream patch: [PATCH 2/2] nss: Protect against errno changes in function lookup (bug 28953) https://sourceware.org/pipermail/libc-alpha/2022-March/137009.html This won't apply downstream as-is because of the NSS refactoring that happened upstream. But I expect a similar approach can be used downstream. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (glibc bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:2005 |
errno is already set to EPERM when _nss_systemd_getpwent_r is entered: Breakpoint 1, _nss_systemd_getpwent_r (result=0x7ffff7dcc460 <resbuf>, buffer=0x602bf0 "rngd", buflen=1024, errnop=0x7ffff7ff1480) at ../src/nss-systemd/nss-systemd.c:734 734 enum nss_status _nss_systemd_getpwent_r(struct passwd *result, char *buffer, size_t buflen, int *errnop) { Missing separate debuginfos, use: yum debuginfo-install libblkid-2.32.1-35.el8.x86_64 libcap-2.48-2.el8.x86_64 libgcc-8.5.0-10.el8.x86_64 libmount-2.32.1-35.el8.x86_64 libselinux-2.9-5.el8.x86_64 libuuid-2.32.1-35.el8.x86_64 pcre2-10.32-2.el8.x86_64 sssd-client-2.6.2-3.el8.x86_64 (gdb) p errno $1 = 1