Bug 2021214 - getgroups does not work correctly with FORTIFY_SOURCE=2
Summary: getgroups does not work correctly with FORTIFY_SOURCE=2
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: uid_wrapper
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-11-08 15:19 UTC by Pavel Březina
Modified: 2021-12-11 01:31 UTC (History)
6 users (show)

Fixed In Version: uid_wrapper-1.2.9-1.fc36 uid_wrapper-1.2.9-1.fc35
Clone Of:
Environment:
Last Closed: 2021-12-02 14:04:14 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Pavel Březina 2021-11-08 15:19:57 UTC 
SSSD cwrap unit tests fails when building in rawhide with:

[ RUN      ] test_become_user
[  ERROR   ] --- 0x2 != 0
[   LINE   ] --- test_become_user.c:61: error: Failure!
[  FAILED  ] test_become_user

See e.g. https://kojipkgs.fedoraproject.org//work/tasks/8408/78108408/build.log

Code: https://github.com/SSSD/sssd/blob/master/src/tests/cwrap/test_become_user.c#L61

getgroups() call is not consistent with different parameters:
count = getgroups(10, gids); returns count == 0
count = getgroups(0, NULL);  returns count == 2 

If FORTIFY_SOURCE is disabled, it works correctly. It looks like uid_wrapper needs to implement __getgroups_chk().
Comment 1 Pavel Březina 2021-11-08 16:34:34 UTC 
Thank you Andreas for quickly providing test commit:
https://gitlab.com/cryptomilk/uid_wrapper/-/commit/7e59f2f40cb1dd5b5821c891e82f3d7cc1673709

It works with the following change:

--- a/src/uid_wrapper.c
+++ b/src/uid_wrapper.c
@@ -2152,9 +2152,9 @@ static int uwrap___getgroups_chk(int size, gid_t *list, size_t listlen)
        return uwrap_getgroups(size, list);
 }
 
-int __getgroups__chk(int size, gid_t *list, size_t listlen);
+int __getgroups_chk(int size, gid_t *list, size_t listlen);
 
-int __getgroups__chk(int size, gid_t *list, size_t listlen)
+int __getgroups_chk(int size, gid_t *list, size_t listlen)
 {
        if (!uid_wrapper_enabled()) {
                return libc___getgroups_chk(size, list, listlen)
Comment 2 Fedora Update System 2021-12-02 14:02:35 UTC 
FEDORA-2021-db66a05dc4 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2021-db66a05dc4
Comment 3 Fedora Update System 2021-12-02 14:04:14 UTC 
FEDORA-2021-db66a05dc4 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 4 Fedora Update System 2021-12-02 14:22:16 UTC 
FEDORA-2021-30ce6831c9 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-30ce6831c9
Comment 5 Fedora Update System 2021-12-03 01:49:22 UTC 
FEDORA-2021-30ce6831c9 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-30ce6831c9`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-30ce6831c9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2021-12-11 01:31:34 UTC 
FEDORA-2021-30ce6831c9 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.