nsswitch: handle missing actions properly

Some internal functions need to know if a database has a nonzero list of actions; success getting the database does not guarantee that. Add checks for such as needed. Skip the ":" in each nsswitch.conf line so as not to add a dummy action libnss_:.so See also https://bugzilla.redhat.com/show_bug.cgi?id=1906066 Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2025-07-29 11:41:21 +03:00 · 2020-12-09 21:46:30 -05:00
parent 2ee7711bdd
commit d2e929a907
12 changed files with 110 additions and 4 deletions
--- a/grp/Makefile
+++ b/grp/Makefile
@ -31,6 +31,10 @@ routines := fgetgrent initgroups setgroups \
 tests := testgrp tst-putgrent
 tests-container = \
 	tst-initgroups1 \
 	tst-initgroups2
 ifeq (yes,$(build-shared))
 test-srcs :=  tst_fgetgrent
 ifeq ($(run-built-tests),yes)
--- a/grp/initgroups.c
+++ b/grp/initgroups.c
@ -72,11 +72,13 @@ internal_getgrouplist (const char *user, gid_t group, long int *size,
  nss_action_list nip;
-  if (__nss_database_get (nss_database_initgroups, &nip))
+  if (__nss_database_get (nss_database_initgroups, &nip)
      && nip != NULL)
    {
      use_initgroups_entry = true;
    }
-  else if (__nss_database_get (nss_database_group, &nip))
+  else if (__nss_database_get (nss_database_group, &nip)
 	   && nip != NULL)
    {
      use_initgroups_entry = false;
    }
--- a/grp/tst-initgroups1.c
+++ b/grp/tst-initgroups1.c
@ -0,0 +1,56 @@
 /* Test that initgroups works.
   Copyright (C) 2020 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.
   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.
   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */
 #include <nss.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <errno.h>
 #include <unistd.h>
 #include <grp.h>
 #include <support/support.h>
 #include <support/check.h>
 /* Test that initgroups includes secondary groups.
   https://bugzilla.redhat.com/show_bug.cgi?id=1906066  */
 /* This version uses the wrapper around the groups module.  */
 #define EXPECTED_N_GROUPS 4
 static gid_t expected_groups[] =
  { 20, 30, 50, 51 };
 static int
 do_test (void)
 {
  gid_t mygroups [50];
  int i, n;
  n = 50;
  getgrouplist ("dj", 20, mygroups, &n);
  TEST_COMPARE (n, EXPECTED_N_GROUPS);
  for (i=0; i<n; i++)
    TEST_COMPARE (mygroups[i], expected_groups[i]);
  return 0;
 }
 #include <support/test-driver.c>
--- a/grp/tst-initgroups1.root/etc/group
+++ b/grp/tst-initgroups1.root/etc/group
@ -0,0 +1,7 @@
 abc:x:10:
 def:x:20:
 ghi:x:30:dj
 jkl:x:40:
 m:x:50:not,dj
 n:x:51:dj,not
 np:x:60:djx
--- a/grp/tst-initgroups1.root/etc/nsswitch.conf
+++ b/grp/tst-initgroups1.root/etc/nsswitch.conf
@ -0,0 +1 @@
 group : files 
--- a/grp/tst-initgroups1.root/etc/passwd
+++ b/grp/tst-initgroups1.root/etc/passwd
@ -0,0 +1 @@
 dj:x:84:20:DJ:/:/bin/sh
--- a/grp/tst-initgroups2.c
+++ b/grp/tst-initgroups2.c
@ -0,0 +1,21 @@
 /* Test that initgroups works.
   Copyright (C) 2020 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.
   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.
   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */
 #include "tst-initgroups1.c"
 /* This version uses the initgroups built in to the files module.  */
--- a/grp/tst-initgroups2.root/etc/group
+++ b/grp/tst-initgroups2.root/etc/group
@ -0,0 +1,7 @@
 abc:x:10:
 def:x:20:
 ghi:x:30:dj
 jkl:x:40:
 m:x:50:not,dj
 n:x:51:dj,not
 np:x:60:djx
--- a/grp/tst-initgroups2.root/etc/nsswitch.conf
+++ b/grp/tst-initgroups2.root/etc/nsswitch.conf
@ -0,0 +1,2 @@
 initgroups : files
 group : notfiles 
--- a/grp/tst-initgroups2.root/etc/passwd
+++ b/grp/tst-initgroups2.root/etc/passwd
@ -0,0 +1 @@
 dj:x:84:20:DJ:/:/bin/sh
--- a/nss/nss_database.c
+++ b/nss/nss_database.c
@ -212,7 +212,8 @@ process_line (struct nss_database_data *data, char *line)
  if (line[0] == '\0' || name == line)
    /* Syntax error.  Skip this line.  */
    return true;
-  *line++ = '\0';
+  while (line[0] != '\0' && (isspace (line[0]) || line[0] == ':'))
    *line++ = '\0';
  int db = name_to_database_index (name);
  if (db < 0)
--- a/nss/nsswitch.c
+++ b/nss/nsswitch.c
@ -81,7 +81,10 @@ __nss_database_lookup2 (const char *database, const char *alternate_name,
  if (database_names[database_id] == NULL)
    return -1;
-  if (__nss_database_get (database_id, ni))
+  /* If *NI is NULL, the database was not mentioned in nsswitch.conf.
     If *NI is not NULL, but *NI->module is NULL, the database was in
     nsswitch.conf but listed no actions.  We test for the former.  */
  if (__nss_database_get (database_id, ni) && *ni != NULL)
    {
      /* Success.  */
      return 0;