Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2063142

Summary: glibc: NSS framework can report incorrect lookup result if function lookup clobbers errno
Product: Red Hat Enterprise Linux 9 Reporter: Florian Weimer <fweimer>
Component: glibcAssignee: Florian Weimer <fweimer>
Status: CLOSED ERRATA QA Contact: Sergey Kolosov <skolosov>
Severity: medium Docs Contact: Jacob Taylor Valdez <jvaldez>
Priority: low    
Version: 9.0CC: ashankar, codonell, dj, fweimer, jvaldez, mnewsome, pfrankli, sipoyare
Target Milestone: rcKeywords: Bugfix, Triaged
Target Release: 9.1Flags: pm-rhel: mirror+
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: glibc-2.34-29.el9 Doc Type: Bug Fix
Doc Text:
.`glibc` now restores errno after loading an NSS module Previously, the Name Service Switch (NSS) implementation in `glibc` set errno incorrectly during database enumeration using functions such as `getpwent()` if the last NSS module did not provide any data. As a result, applications using these enumeration functions incorrectly observed errors and failed. `glibc` now restores errno after loading an NSS module and, as a result, applications using these functions no longer fail.
 Story Points: ---
Clone Of: 2061727 Environment:
Last Closed: 2022-11-15 11:11:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2063230    
Bug Blocks: 2061727    

Description Florian Weimer 2022-03-11 11:07:41 UTC 
+++ This bug was initially created as a clone of Bug #2061727 +++

From the upstream bug report:

This originated in a downstream bug report. The slightly incorrect reproducer looks like this:

#include <sys/types.h>
#include <pwd.h>
#include <errno.h>
#include <stdio.h>

int main(void)
{
    struct passwd *pw;
    errno = 0;
    setpwent();
    while ((pw = getpwent()) != NULL) {
        errno = 0;
        printf("%d: %s\n", pw->pw_uid, pw->pw_name);
    }
    printf("getpwent errno = %d (%m)\n", errno);
    endpwent();
    return 0;
}

(The upstream commit includes a proper test.)

And the last NSS module has an ELF constructor that clobbers errno, but its lookup function does not return any data. The errno value from the ELF constructor then leaks into the getpwent result.

Upstream commit (already backported to 2.34):

commit 9bdf92c79d63b42f931101bb6df87129c408b0c4
Author: Florian Weimer <fweimer>
Date:   Fri Mar 11 08:23:56 2022 +0100

    nss: Protect against errno changes in function lookup (bug 28953)
    
    dlopen may clobber errno.  The nss_test_errno module uses an ELF
    constructor to achieve that, but there could be internal errors
    during dlopen that cause this, too.  Therefore, the NSS framework
    has to guard against such errno clobbers.
    
    __nss_module_get_function is currently the only function that calls
    __nss_module_load, so it is sufficient to save and restore errno
    around this call.
    
    Reviewed-by: Carlos O'Donell <carlos>
Comment 6 errata-xmlrpc 2022-11-15 11:11:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (glibc bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8272