Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove entries from the hash table, do not free them

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-14 09:13:53 +02:00 · 2018-05-14 09:13:53 +02:00 · 1511bcd8b2
commit 1511bcd8b2
parent 3ad9e211eb
2 changed files with 55 additions and 0 deletions
--- a/0061-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch
+++ b/0061-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch
@ -0,0 +1,52 @@
 From b96c60f55789527b1f9232ddae03e5c7566bf578 Mon Sep 17 00:00:00 2001
 From: Sumit Bose <sbose@redhat.com>
 Date: Fri, 4 May 2018 17:00:55 +0200
 Subject: [PATCH] NSS: nss_clear_netgroup_hash_table() do not free data
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 nss_clear_netgroup_hash_table() is called during the clearEnumCache SBUS
 request, which is e.g. used during 'sss_cache -E', to remove netgroup
 data cached in the memory of the NSS responder.
 Currently nss_clear_netgroup_hash_table() calls
 'sss_ptr_hash_delete_all(nss_ctx->netgrent, true);' which not only
 removes all entries in the 'netgerent' hash table but frees them as
 well.
 The second step is not needed because nss_setnetgrent_set_timeout()
 takes care that the data is freed after a timeout. Additionally freeing
 the data in nss_clear_netgroup_hash_table() can even do harm when the
 request is received by the NSS responder while waiting for the backend
 to acquire the netgroup data. Because if the backend is done the NSS
 responder tries do use enum_ctx which might have been freed in the
 meantime.
 Because of this nss_clear_netgroup_hash_table() should only remove the
 data from the hash table but not free it.
 Related to https://pagure.io/SSSD/sssd/issue/3731
 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
 (cherry picked from commit b13cc2d1413a0d5bbe36e06e5ffd87dbf5c0cb9f)
 ---
 src/responder/nss/nsssrv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
 index 171c2a5ca..004e6c1a1 100644
 --- a/src/responder/nss/nsssrv.c
 +++ b/src/responder/nss/nsssrv.c
@@ -142,7 +142,7 @@ static int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *da
     DEBUG(SSSDBG_TRACE_FUNC, "Invalidating netgroup hash table\n");
 -    sss_ptr_hash_delete_all(nss_ctx->netgrent, true);
 +    sss_ptr_hash_delete_all(nss_ctx->netgrent, false);
     return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
 }
 -- 
 2.17.0
--- a/sssd.spec
+++ b/sssd.spec
@ -102,6 +102,7 @@ Patch0057: 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
 Patch0058: 0058-SYSDB-Only-check-non-POSIX-groups-for-GID-conflicts.patch
 Patch0059: 0059-Do-not-keep-allocating-external-groups-on-a-long-liv.patch
 Patch0060: 0060-CACHE_REQ-Do-not-fail-the-domain-locator-plugin-if-I.patch
 Patch0061: 0061-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch
 Patch0502: 0502-SYSTEMD-Use-capabilities.patch
 Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
@ -1318,6 +1319,8 @@ fi
                            causing memory growth of the sssd_be process
 - Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a
                            first domain does not reach the second domain
 - Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove
                            entries from the hash table, do not free them
 * Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
 - Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa