Don't add input group during initgroups_dyn in hesiod (#921760)

2013-03-28 14:11:28 +05:30 · 2013-03-28 14:11:28 +05:30 · 209568f516
commit 209568f516
parent bbd581848b
2 changed files with 62 additions and 1 deletions
--- a/glibc-rh921760.patch
+++ b/glibc-rh921760.patch
@ -0,0 +1,55 @@
+commit 7a86be6e5f18ba99b25d75c555ce56fe1fcea325
+Author: Siddhesh Poyarekar <siddhesh@redhat.com>
+Date:   Thu Mar 28 11:45:47 2013 +0530
+
+    Don't add input group during initgroups_dyn in hesiod
+    
+    Fixes BZ #15304.
+    
+    The *initgroups_dyn functions are called with a group argument.  This
+    group gid is usually skipped while populating the grouplist since the
+    caller adds that group id in advance.
+    
+    The hesiod initgroups_dyn implementation however adds the group gid to
+    the list if it does not already exist.  While it works fine for the
+    usual initgroups, it breaks nscd since it calls initgroups_dyn with -1
+    as the gid (to have all groups included).
+
+diff --git a/hesiod/nss_hesiod/hesiod-grp.c b/hesiod/nss_hesiod/hesiod-grp.c
+index c2ae166..b11952f 100644
+--- a/hesiod/nss_hesiod/hesiod-grp.c
+++ b/hesiod/nss_hesiod/hesiod-grp.c
+@@ -191,33 +191,6 @@ _nss_hesiod_initgroups_dyn (const char *user, gid_t group, long int *start,
+       return errno == ENOENT ? NSS_STATUS_NOTFOUND : NSS_STATUS_UNAVAIL;
+     }
+ 
+-  if (!internal_gid_in_list (groups, group, *start))
+-    {
+-      if (__builtin_expect (*start == *size, 0))
+-	{
+-	  /* Need a bigger buffer.  */
+-	  gid_t *newgroups;
+-	  long int newsize;
+-
+-	  if (limit > 0 && *size == limit)
+-	    /* We reached the maximum.  */
+-	    goto done;
+-
+-	  if (limit <= 0)
+-	    newsize = 2 * *size;
+-	  else
+-	    newsize = MIN (limit, 2 * *size);
+-
+-	  newgroups = realloc (groups, newsize * sizeof (*groups));
+-	  if (newgroups == NULL)
+-	    goto done;
+-	  *groupsp = groups = newgroups;
+-	  *size = newsize;
+-	}
+-
+-      groups[(*start)++] = group;
+-    }
+-
+   save_errno = errno;
+ 
+   p = *list;
--- a/glibc.spec
+++ b/glibc.spec
@ -27,7 +27,7 @@
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 4%{?dist}
+Release: 5%{?dist}
 # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
 # Things that are linked directly into dynamically linked programs
 # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@ -115,6 +115,8 @@ Patch0035: %{name}-rh911307.patch
 # Upstream BZ 15078
 Patch2029: %{name}-rh905877.patch

+Patch1030: %{name}-rh921760.patch
+
 #
 # Patches submitted, but not yet approved upstream.
 # Each should be associated with a BZ.
@ -405,6 +407,7 @@ package or when debugging this package.
 %patch2028 -p1
 %patch0035 -p1
 %patch2029 -p1
+%patch1030 -p1

 # On powerpc32, hp timing is only available in power4/power6
 # libs, not in base, so pre-power4 dynamic linker is incompatible
@ -1204,6 +1207,9 @@ rm -f *.filelist*
 %endif

 %changelog
+* Thu Mar 28 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-5
+  - Don't add input group during initgroups_dyn in hesiod (#921760).
+
 * Sun Mar 17 2013 Carlos O'Donell <carlos@redhat.com> - 2.17-4
  - Fixed i386 glibc builds (#917161).
  - Fixed multibyte character processing crash in regexp (#905877, CVE-2013-0242)