From owner-freebsd-bugs@FreeBSD.ORG Mon Dec 15 20:20:19 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2534516A4D0 for ; Mon, 15 Dec 2003 20:20:19 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2E6C343D3C for ; Mon, 15 Dec 2003 20:20:14 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) hBG4KEFR016939 for ; Mon, 15 Dec 2003 20:20:14 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.10/8.12.10/Submit) id hBG4KESV016938; Mon, 15 Dec 2003 20:20:14 -0800 (PST) (envelope-from gnats) Resent-Date: Mon, 15 Dec 2003 20:20:14 -0800 (PST) Resent-Message-Id: <200312160420.hBG4KESV016938@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Lachlan O'Dea" Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A71216A4CE for ; Mon, 15 Dec 2003 20:15:44 -0800 (PST) Received: from angmar.mel.vet.com.au (angmar.mel.vet.com.au [203.39.245.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 078C843D33 for ; Mon, 15 Dec 2003 20:15:43 -0800 (PST) (envelope-from lodea@angmar.mel.vet.com.au) Received: by angmar.mel.vet.com.au (Postfix, from userid 1000) id F16FC14F356; Tue, 16 Dec 2003 15:15:41 +1100 (EST) Message-Id: <20031216041541.F16FC14F356@angmar.mel.vet.com.au> Date: Tue, 16 Dec 2003 15:15:41 +1100 (EST) From: "Lachlan O'Dea" To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/60287: [patch] NSS does not handle NSS_STATUS_TRYAGAIN properly X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Lachlan O'Dea List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Dec 2003 04:20:19 -0000 >Number: 60287 >Category: bin >Synopsis: [patch] NSS does not handle NSS_STATUS_TRYAGAIN properly >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Dec 15 20:20:13 PST 2003 >Closed-Date: >Last-Modified: >Originator: Lachlan O'Dea >Release: FreeBSD 5.2-BETA i386 >Organization: Computer Associates >Environment: System: FreeBSD isis.ca.com 5.2-BETA FreeBSD 5.2-BETA #0: Fri Dec 5 17:00:13 EST 2003 odela01@isis.ca.com:/usr/obj/usr/src/sys/GENERIC i386 /etc/nsswitch.conf: passwd: files ldap group: files ldap >Description: When using nss_ldap, getgrent(3) does not work properly if there are groups in LDAP with a large number of users. When it encounters such a group, getgrent immediately returns NULL, indicating no further groups. The problem appears to be in /usr/src/lib/libc/net/nss_compat.c. The __nss_compat_getgrent_r function sets a global terminate flag if the NSS module does not return success. Once this flag is set, subsequent calls to getgrent will return NULL. The problem occurs if the group data is larger than the initial size of the group buffer (1024 bytes). In this case, the NSS module returns NSS_STATUS_TRYAGAIN, and libc will retry the call with a larger buffer. However, the terminate flag has already been set, so the second call goes nowhere. The following patch will not set the terminate flag if NSS_STATUS_TRYAGAIN is returned. It seems to work for me. Also, this code should check against NSS_STATUS_SUCCESS, not NS_SUCCESS, although by coincidence they both have the value 1. >How-To-Repeat: If you're using nss_ldap, create a group in LDAP with 100 users and run id(1) on one of the members. The large group, and perhaps others that come later in the search results will not be listed in the output. Similar problems also occur with other programs that use getgrent(3). Note that running id(1) without arguments does not show the problem. >Fix: --- nss_compat.c.orig Sun Dec 7 23:58:47 2003 +++ nss_compat.c Sun Dec 7 23:58:47 2003 @@ -144,9 +144,9 @@ bufsize = va_arg(ap, size_t); errnop = va_arg(ap, int *); status = fn(grp, buffer, bufsize, errnop); - if (status == NS_SUCCESS) + if (status == NSS_STATUS_SUCCESS) *(struct group **)retval = grp; - else + else if (status != NSS_STATUS_TRYAGAIN) SET_TERMINATOR(group, &terminator); return (__nss_compat_result(status)); } >Release-Note: >Audit-Trail: >Unformatted: