Hide Forgot
Description of problem: NSCD netgroup cache failure. Persistent cache inspection and logs show that setnetgrent() and innetgr() cache separate GETNETGRENT records in the cache. When the entry corresponding to innetgr() expires, on reload the netgroup entry has 0 results and further calls to innetgr always return 0 even if it should return 1. Debugging nscd, I found that innetgr adds the GETNETGRENT record to cache with the group string not null-terminated. Version-Release number of selected component (if applicable): glibc-2.17-196.el7 How reproducible: always Steps to Reproduce: 1. set up netgroups provided by ldap / nslcd 2. perform innetgr() with triplet that returns 1 3. wait for nscd debug log to show expire and reload of GETNETGRENT from innetgr() 4. perform innetgr() again, it returns 0 Actual results: innetgr always returns 0 after GETNETGRENT record from previous innetgr() expires Expected results: innetgr should return 1 if entry is in netgroup or 0 if it is not Additional info: I've tested attached patch and it seems to work. One cache record exists from both setnetgrent() and innetgr(), and when it exires it reloads without issue. This has a side benefit of fewer type 19 records in nscd cache and fewer ldap lookup. The proposed fix by Al Heisner <al@heisner.org> is: --- netgroupcache.c 2017-03-27 12:49:39.833083147 -0400 +++ netgroupcache.c.patched 2017-03-27 12:49:25.797939129 -0400 @@ -484,7 +484,7 @@ { const char *group = key; key = (char *) rawmemchr (key, '\0') + 1; - size_t group_len = key - group - 1; + size_t group_len = key - group; //include null terminator in size const char *host = *key++ ? key : NULL; if (host != NULL) key = (char *) rawmemchr (key, '\0') + 1; --- This has to go upstream.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3092