lib/47293: innetgr(3) failed to match correctly

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/47293: innetgr(3) failed to match correctly
From: Wolfgang.Stukenbrock%nagler-company.com@localhost
Date: Fri, 7 Dec 2012 13:05:00 +0000 (UTC)

>Number:         47293
>Category:       lib
>Synopsis:       innetgr(3) failed to match correctly
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 07 13:05:00 +0000 2012
>Originator:     Dr. Wolfgang Stukenbrock
>Release:        NetBSD 5.1.2
>Organization:
Dr. Nagler & Company GmbH
>Environment:
        
        
System: NetBSD test-s0 5.1.2 NetBSD 5.1.2 (NSW-WS) #1: Thu Dec 6 12:56:04 CET 
2012 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
        The behaviour of the NetBSD innetgr() differs from the "reference" 
Version of Sun in the following way.
        If there is a netgroup entry link '(hhh,blub,XXX)' in a netgroup, it is 
possible to match it
        on Sun with specifying all three paramters like innetgr(<nt>, "hhh", 
"blub", "XXX"), but it is
        impossible to match the entry in the netbsd Version.
        The problem is due to a "bad" speed optimization exit in the netbsd 
version.
        In file /usr/src/lib/libc/gen/getnetgrent.c in function 
_local_innetgr() there is a "fast" check
        against netgroup.byuser of netgroup.byhost, if only on of them is set.
        But accedently the function is exited if a domain is specified.
        This will fail all kind of lookups where all three parts are specified.
        It will also fail to match an empty domain part in the netgroup, if 
some data is passed to innetgr().
>How-To-Repeat:
        Create a netgroup with all fiels filled in and try to match an entry
        with all three fields specified in innetgr() call.
        It will never match.
>Fix:
        The following patch will fix the problem and produces the expected 
matches as on Solaris.

--- getnetgrent.c.orig  2012-12-07 13:53:52.000000000 +0100
+++ getnetgrent.c       2012-12-07 13:55:42.000000000 +0100
@@ -795,16 +795,21 @@
                        *retval = 1;
                        return NS_SUCCESS;
                }
+               /* If a domainname is given, we would have found a match */
+               if (domain != NULL) {
+                       *retval = 0;
+                       return NS_SUCCESS;
+               }
        } else if (host == NULL && user != NULL) {
                if (in_lookup(grp, user, domain, _NG_KEYBYUSER)) {
                        *retval = 1;
                        return NS_SUCCESS;
                }
-       }
-       /* If a domainname is given, we would have found a match */
-       if (domain != NULL) {
-               *retval = 0;
-               return NS_SUCCESS;
+               /* If a domainname is given, we would have found a match */
+               if (domain != NULL) {
+                       *retval = 0;
+                       return NS

>Unformatted:

Prev by Date: Re: kern/47290 (Boot hangs up (regression in 6.0.0_PATCH since 6.0_RELEASE))
Next by Date: Re: lib/47293: innetgr(3) failed to match correctly
Previous by Thread: Re: kern/47290 (Boot hangs up (regression in 6.0.0_PATCH since 6.0_RELEASE))
Next by Thread: Re: lib/47293: innetgr(3) failed to match correctly
Indexes:

Home | Main Index | Thread Index | Old Index