fix regressions caused by the get{gr,pw}nam_r patch

Resolves: RHEL-40603
2024-07-19 15:40:56 +02:00 · 2024-07-19 15:40:56 +02:00 · 2b15335b46
commit 2b15335b46
parent 75e348b1a4
3 changed files with 118 additions and 1 deletions
--- a/0001-acl-2.3.2-__acl_get_uid-fix-memory-wasting-loop.patch
+++ b/0001-acl-2.3.2-__acl_get_uid-fix-memory-wasting-loop.patch
@ -0,0 +1,46 @@
+From 56abe432b65801f31277fb9a3bca0f9e31502315 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Thu, 25 Apr 2024 12:43:49 +0200
+Subject: [PATCH] libmisc: __acl_get_uid(): fix memory wasting loop if user
+ does not exist
+
+I noticed that `acl_from_text()` unexpectedly returns ENOMEM for invalid
+user names. The reason for this is a missing break statement in the for
+loop in `__acl_get_uid()`, which causes the loop to act as if ERANGE was
+returned from `getpwnam_r()`, thereby exponentially increasing the
+buffer size to (in my case) multiple gigabytes, until `grow_buffer()`
+reports ENOMEM, which terminates the `__acl_get_uid()` function.
+
+This is a pretty costly "no such user" lookup that can disturb a
+process's heap memory management, but can also cause a process to fail
+e.g. if it is multithreaded and other threads encounter an ENOMEM,
+before `__acl_get_uid()` frees the gigantic heap buffer and returns.
+The allocated memory isn't actually used. Therefore on Linux it should
+not affect other processes by default, due to its overcommit memory
+and lazy memory allocation strategy.
+
+Fix this by properly terminating the for loop on any conditions except
+an ERANGE error being reported. The same break statement correctly
+exists in `__acl_get_gid()` already.
+
+Fixes: 3737f00 ("use thread-safe getpwnam_r and getgrnam_r")
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+---
+ libmisc/uid_gid_lookup.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libmisc/uid_gid_lookup.c b/libmisc/uid_gid_lookup.c
+index a4f21f6..74baab4 100644
+--- a/libmisc/uid_gid_lookup.c
+++ b/libmisc/uid_gid_lookup.c
+@@ -91,6 +91,7 @@ __acl_get_uid(const char *token, uid_t *uid_p)
+ 		if (err == ERANGE)
+ 			continue;
+ 		errno = err ? err : EINVAL;
+		break;
+ 	}
+ 	free(buffer);
+ 	return result ? 0 : -1;
+-- 
+2.45.2
+
--- a/0001-acl-2.3.2-tests-fix-getpwnam-and-getgrnam.patch
+++ b/0001-acl-2.3.2-tests-fix-getpwnam-and-getgrnam.patch
@ -0,0 +1,62 @@
+From 99ed23222f315d1a6efbc240db3ff4ed04db99c6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= <lzaoral@redhat.com>
+Date: Mon, 10 Jun 2024 16:28:22 +0200
+Subject: [PATCH] tests: fix getpwnam and getgrnam
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The calls to these functions would always fail because the size of the buffer
+was smaller than the minimum (170000) specified in the test implementations
+of getgrnam_r and getpwnam_r.  Use test_get*_match directly because getpwnam
+and getgrnam should never fail on ERANGE.
+
+This commit fixes the following failure in the test/root/restore.test test:
+
+[21] $ chown bin passwd -- failed
+chown: invalid user: ‘bin’        != ~
+
+Fixes: 3737f000d3f17cd283f51eeacac21a71a3472053 ("use thread-safe getpwnam_r and getgrnam_r")
+---
+ test/test_group.c  | 2 +-
+ test/test_passwd.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/test/test_group.c b/test/test_group.c
+index 96dd612..42d6b07 100644
+--- a/test/test_group.c
+++ b/test/test_group.c
+@@ -136,7 +136,7 @@ struct group *getgrnam(const char *name)
+ 	static struct group grp;
+ 	struct group *result;
+ 
+-	(void) getgrnam_r(name, &grp, buf, sizeof(buf), &result);
+	(void) test_getgr_match(&grp, buf, sizeof buf, &result, match_name, name);
+ 	return result;
+ }
+ 
+diff --git a/test/test_passwd.c b/test/test_passwd.c
+index b88ea45..ebe9dce 100644
+--- a/test/test_passwd.c
+++ b/test/test_passwd.c
+@@ -117,7 +117,7 @@ int getpwnam_r(const char *name, struct passwd *pwd, char *buf, size_t buflen,
+ 		*result = NULL;
+ 		return ERANGE;
+ 	}
+-	last_buflen =- 1;
+	last_buflen = -1;
+ 
+ 	return test_getpw_match(pwd, buf, buflen, result, match_name, name);
+ }
+@@ -129,7 +129,7 @@ struct passwd *getpwnam(const char *name)
+ 	static struct passwd pwd;
+ 	struct passwd *result;
+ 
+-	(void) getpwnam_r(name, &pwd, buf, sizeof(buf), &result);
+	(void) test_getpw_match(&pwd, buf, sizeof(buf), &result, match_name, name);
+ 	return result;
+ }
+ 
+-- 
+2.45.2
+
--- a/acl.spec
+++ b/acl.spec
@ -1,7 +1,7 @@
 Summary: Access control list utilities
 Name: acl
 Version: 2.3.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 BuildRequires: gawk
 BuildRequires: gcc
 BuildRequires: gettext
@ -21,6 +21,12 @@ Source2: vapier-key.gpg
 # avoid permission denied problem with LD_PRELOAD in the test-suite
 Patch1: 0001-acl-2.2.53-test-runwrapper.patch

+# fix regressions introduced by the `libacl: use getpwnam_r and getgrnam_r in acl_from_text.c` patch
+# https://git.savannah.nongnu.org/cgit/acl.git/commit/?id=56abe432b65801f31277fb9a3bca0f9e31502315
+Patch2: 0001-acl-2.3.2-__acl_get_uid-fix-memory-wasting-loop.patch
+# https://lists.nongnu.org/archive/html/acl-devel/2024-06/msg00000.html
+Patch3: 0001-acl-2.3.2-tests-fix-getpwnam-and-getgrnam.patch
+
 License: GPL-2.0-or-later AND LGPL-2.1-or-later
 URL: https://savannah.nongnu.org/projects/acl

@ -126,6 +132,9 @@ rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}*
 %{_libdir}/libacl.so.*

 %changelog
+* Fri Jul 19 2024 Lukáš Zaoral <lzaoral@redhat.com> - 2.3.2-3
+- fix regressions caused by the get{gr,pw}nam_r patch (RHEL-40603)
+
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.3.2-2
 - Bump release for June 2024 mass rebuild