RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1290689 - util-linux: /bin/login does not retry getpwnam_r with larger buffers, leading to login failure
Summary: util-linux: /bin/login does not retry getpwnam_r with larger buffers, leading...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: util-linux
Version: 7.2
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Karel Zak
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks: 1203710 1289485 1313485
TreeView+ depends on / blocked
 
Reported: 2015-12-11 08:05 UTC by kyoneyama
Modified: 2019-12-16 05:10 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-03 21:25:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1206462 0 high CLOSED On RHEL7, the problem occurs if the entry of the file "/etc/passwd" is more than 1024 characters. 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHSA-2016:2605 0 normal SHIPPED_LIVE Low: util-linux security, bug fix, and enhancement update 2016-11-03 12:13:26 UTC

Internal Links: 1206462

Description kyoneyama 2015-12-11 08:05:12 UTC 
Description of problem:

On RHEL7.2, if the line in "/etc/passwd" is 1023 or more characters(includes EOL code), the user cannot log in.


Version-Release number of selected component (if applicable):

- Red Hat Enterprise Linux 7.2
- glibc-2.17-106.el7_2.1

How reproducible:

Always


Steps to Reproduce:

1. Create text file to fill comment field.

   # for i in {1..97}; do echo -n "1234567890" ; done > list.txt
   # echo -n 1234 >> list.txt
   # wc list.txt
      0   1 975 list.txt 

2. Add new user adding -c option.

   # useradd -c `cat list.txt` testuser1

3. Check a result of `getent passwd`.

  # getent passwd testuser1
  testuser1:x:1001:1001:12345678901234567890(..snip..)12345678901234:/home/testuser1:/bin/bash
  
  # getent passwd testuser1 | wc -c
  1023
  
4. Check whether the user can log in.
Comment 1 Florian Weimer 2015-12-11 09:43:44 UTC 
How is this related to bug 1206462?

I cannot reproduce this.  I have this line in /etc/passwd:

testuser1:x:1001:1001:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234:/home/testuser1:/bin/bash

And:

$ getent passwd testuser1 | wc -c
1023

And the user is able to log in after setting a password (with OpenSSH password authentication).
Comment 3 Florian Weimer 2015-12-11 10:46:19 UTC 
My guess is that the customer tries to log on over a TTY or via telnetd.  In this case, the system log should contain an error message like this one:

Dec 11 05:35:09 localhost login[28294]: Invalid user name "testuser1" in main:1229. Abort

This refers to login-utils/login.c in util-linux.  The error reflects a failure of the get_passwd_entry function, which does this:

	struct passwd *res = NULL;
	size_t sz = 16384;
	int x;

	if (!pwdbuf || !username)
		return NULL;

#ifdef _SC_GETPW_R_SIZE_MAX
	{
		long xsz = sysconf(_SC_GETPW_R_SIZE_MAX);
		if (xsz > 0)
			sz = (size_t) xsz;
	}
#endif
	*pwdbuf = xrealloc(*pwdbuf, sz);

	x = getpwnam_r(username, pwd, *pwdbuf, sz, &res);

_SC_GETPW_R_SIZE_MAX is misnamed, it is a recommended starting value, not an upper bound.  But the code in util-linux does not retry with a larger buffer, as it is reqired.  See the getpwnam_r manual page for details.
Comment 4 kyoneyama 2015-12-15 05:50:13 UTC 
> _SC_GETPW_R_SIZE_MAX is misnamed, it is a recommended starting value, not an upper bound.  

Your guess might be right.


  $ cat /etc/redhat-release 
  Red Hat Enterprise Linux Server release 7.2 (Maipo)

  $ rpm -q glibc
  glibc-2.17-106.el7_2.1.x86_64

  $ cat test_sysconf.c
 
  #include<stdio.h>
  #include<unistd.h>
  
  int main(){
    size_t sz = 16384;
    long xsz = sysconf(_SC_GETPW_R_SIZE_MAX);
    if(xsz > 0){
      sz = (size_t)xsz;
    }
    printf("%d %d\n", sz, xsz );
    return 0;
  }

  $ gcc -o test_sysconf test_sysconf.c
  $  ./test_sysconf
  1024 1024
Comment 5 Karel Zak 2015-12-15 11:10:14 UTC 
Please, fix getpwnam man page, because EXAMPLE section suggests SC_GETPW_R_SIZE_MAX as optimal buffer size...
Comment 6 Karel Zak 2015-12-15 11:36:25 UTC 
Fixed by upstream commit f7ac9e71b18fa7314151f2ab65ee0bdd2ea89c07.

The patch hardcodes 16K buffer size, not sure if we have something more elegant...
Comment 7 Florian Weimer 2016-01-04 11:03:32 UTC 
(In reply to Karel Zak from comment #6)
> Fixed by upstream commit f7ac9e71b18fa7314151f2ab65ee0bdd2ea89c07.
> 
> The patch hardcodes 16K buffer size, not sure if we have something more
> elegant...

The recommended way is to keep retrying with a larger buffer size, doubling it every time.  The API is somewhat on the bizarre side, but it's how it was standardized in POSIX.
Comment 9 Mike McCune 2016-03-28 22:54:17 UTC 
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Comment 13 errata-xmlrpc 2016-11-03 21:25:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2605.html
Note You need to log in before you can comment on or make changes to this bug.