Skip to content

Commit cdccd29

Browse files
poetteringpoettering
committed
nss: unportect errno before writing to NSS' *errnop
Fixes: systemd#11321
1 parent 840f606 commit cdccd29

File tree

4 files changed

+44
-0
lines changed

4 files changed

+44
-0
lines changed

src/nss-myhostname/nss-myhostname.c

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,7 @@ enum nss_status _nss_myhostname_gethostbyname4_r(
7474
} else {
7575
hn = gethostname_malloc();
7676
if (!hn) {
77+
UNPROTECT_ERRNO;
7778
*errnop = ENOMEM;
7879
*h_errnop = NO_RECOVERY;
7980
return NSS_STATUS_TRYAGAIN;
@@ -96,6 +97,7 @@ enum nss_status _nss_myhostname_gethostbyname4_r(
9697
l = strlen(canonical);
9798
ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * (n_addresses > 0 ? n_addresses : 2);
9899
if (buflen < ms) {
100+
UNPROTECT_ERRNO;
99101
*errnop = ERANGE;
100102
*h_errnop = NETDB_INTERNAL;
101103
return NSS_STATUS_TRYAGAIN;
@@ -186,6 +188,8 @@ static enum nss_status fill_in_hostent(
186188
assert(errnop);
187189
assert(h_errnop);
188190

191+
PROTECT_ERRNO;
192+
189193
alen = FAMILY_ADDRESS_SIZE(af);
190194

191195
for (a = addresses, n = 0, c = 0; n < n_addresses; a++, n++)
@@ -202,6 +206,7 @@ static enum nss_status fill_in_hostent(
202206
(c > 0 ? c+1 : 2) * sizeof(char*);
203207

204208
if (buflen < ms) {
209+
UNPROTECT_ERRNO;
205210
*errnop = ERANGE;
206211
*h_errnop = NETDB_INTERNAL;
207212
return NSS_STATUS_TRYAGAIN;
@@ -321,6 +326,7 @@ enum nss_status _nss_myhostname_gethostbyname3_r(
321326
af = AF_INET;
322327

323328
if (!IN_SET(af, AF_INET, AF_INET6)) {
329+
UNPROTECT_ERRNO;
324330
*errnop = EAFNOSUPPORT;
325331
*h_errnop = NO_DATA;
326332
return NSS_STATUS_UNAVAIL;
@@ -343,6 +349,7 @@ enum nss_status _nss_myhostname_gethostbyname3_r(
343349
} else {
344350
hn = gethostname_malloc();
345351
if (!hn) {
352+
UNPROTECT_ERRNO;
346353
*errnop = ENOMEM;
347354
*h_errnop = NO_RECOVERY;
348355
return NSS_STATUS_TRYAGAIN;
@@ -362,6 +369,8 @@ enum nss_status _nss_myhostname_gethostbyname3_r(
362369
local_address_ipv4 = LOCALADDRESS_IPV4;
363370
}
364371

372+
UNPROTECT_ERRNO;
373+
365374
return fill_in_hostent(
366375
canonical, additional,
367376
af,
@@ -401,12 +410,14 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r(
401410
assert(h_errnop);
402411

403412
if (!IN_SET(af, AF_INET, AF_INET6)) {
413+
UNPROTECT_ERRNO;
404414
*errnop = EAFNOSUPPORT;
405415
*h_errnop = NO_DATA;
406416
return NSS_STATUS_UNAVAIL;
407417
}
408418

409419
if (len != FAMILY_ADDRESS_SIZE(af)) {
420+
UNPROTECT_ERRNO;
410421
*errnop = EINVAL;
411422
*h_errnop = NO_RECOVERY;
412423
return NSS_STATUS_UNAVAIL;
@@ -461,6 +472,7 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r(
461472
if (!canonical || additional_from_hostname) {
462473
hn = gethostname_malloc();
463474
if (!hn) {
475+
UNPROTECT_ERRNO;
464476
*errnop = ENOMEM;
465477
*h_errnop = NO_RECOVERY;
466478
return NSS_STATUS_TRYAGAIN;
@@ -472,6 +484,7 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r(
472484
additional = hn;
473485
}
474486

487+
UNPROTECT_ERRNO;
475488
return fill_in_hostent(
476489
canonical, additional,
477490
af,

src/nss-mymachines/nss-mymachines.c

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -153,6 +153,7 @@ enum nss_status _nss_mymachines_gethostbyname4_r(
153153
l = strlen(name);
154154
ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * c;
155155
if (buflen < ms) {
156+
UNPROTECT_ERRNO;
156157
*errnop = ERANGE;
157158
*h_errnop = NETDB_INTERNAL;
158159
return NSS_STATUS_TRYAGAIN;
@@ -227,6 +228,7 @@ enum nss_status _nss_mymachines_gethostbyname4_r(
227228
return NSS_STATUS_SUCCESS;
228229

229230
fail:
231+
UNPROTECT_ERRNO;
230232
*errnop = -r;
231233
*h_errnop = NO_DATA;
232234
return NSS_STATUS_UNAVAIL;
@@ -313,6 +315,7 @@ enum nss_status _nss_mymachines_gethostbyname3_r(
313315
ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*);
314316

315317
if (buflen < ms) {
318+
UNPROTECT_ERRNO;
316319
*errnop = ERANGE;
317320
*h_errnop = NETDB_INTERNAL;
318321
return NSS_STATUS_TRYAGAIN;
@@ -396,6 +399,7 @@ enum nss_status _nss_mymachines_gethostbyname3_r(
396399
return NSS_STATUS_SUCCESS;
397400

398401
fail:
402+
UNPROTECT_ERRNO;
399403
*errnop = -r;
400404
*h_errnop = NO_DATA;
401405
return NSS_STATUS_UNAVAIL;
@@ -484,6 +488,7 @@ enum nss_status _nss_mymachines_getpwnam_r(
484488

485489
l = strlen(name);
486490
if (buflen < l+1) {
491+
UNPROTECT_ERRNO;
487492
*errnop = ERANGE;
488493
return NSS_STATUS_TRYAGAIN;
489494
}
@@ -501,6 +506,7 @@ enum nss_status _nss_mymachines_getpwnam_r(
501506
return NSS_STATUS_SUCCESS;
502507

503508
fail:
509+
UNPROTECT_ERRNO;
504510
*errnop = -r;
505511
return NSS_STATUS_UNAVAIL;
506512
}
@@ -564,6 +570,7 @@ enum nss_status _nss_mymachines_getpwuid_r(
564570
return NSS_STATUS_NOTFOUND;
565571

566572
if (snprintf(buffer, buflen, "vu-%s-" UID_FMT, machine, (uid_t) mapped) >= (int) buflen) {
573+
UNPROTECT_ERRNO;
567574
*errnop = ERANGE;
568575
return NSS_STATUS_TRYAGAIN;
569576
}
@@ -579,6 +586,7 @@ enum nss_status _nss_mymachines_getpwuid_r(
579586
return NSS_STATUS_SUCCESS;
580587

581588
fail:
589+
UNPROTECT_ERRNO;
582590
*errnop = -r;
583591
return NSS_STATUS_UNAVAIL;
584592
}
@@ -662,6 +670,7 @@ enum nss_status _nss_mymachines_getgrnam_r(
662670

663671
l = sizeof(char*) + strlen(name) + 1;
664672
if (buflen < l) {
673+
UNPROTECT_ERRNO;
665674
*errnop = ERANGE;
666675
return NSS_STATUS_TRYAGAIN;
667676
}
@@ -677,6 +686,7 @@ enum nss_status _nss_mymachines_getgrnam_r(
677686
return NSS_STATUS_SUCCESS;
678687

679688
fail:
689+
UNPROTECT_ERRNO;
680690
*errnop = -r;
681691
return NSS_STATUS_UNAVAIL;
682692
}
@@ -740,12 +750,14 @@ enum nss_status _nss_mymachines_getgrgid_r(
740750
return NSS_STATUS_NOTFOUND;
741751

742752
if (buflen < sizeof(char*) + 1) {
753+
UNPROTECT_ERRNO;
743754
*errnop = ERANGE;
744755
return NSS_STATUS_TRYAGAIN;
745756
}
746757

747758
memzero(buffer, sizeof(char*));
748759
if (snprintf(buffer + sizeof(char*), buflen - sizeof(char*), "vg-%s-" GID_FMT, machine, (gid_t) mapped) >= (int) buflen) {
760+
UNPROTECT_ERRNO;
749761
*errnop = ERANGE;
750762
return NSS_STATUS_TRYAGAIN;
751763
}
@@ -758,6 +770,7 @@ enum nss_status _nss_mymachines_getgrgid_r(
758770
return NSS_STATUS_SUCCESS;
759771

760772
fail:
773+
UNPROTECT_ERRNO;
761774
*errnop = -r;
762775
return NSS_STATUS_UNAVAIL;
763776
}

src/nss-resolve/nss-resolve.c

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -186,6 +186,7 @@ enum nss_status _nss_resolve_gethostbyname4_r(
186186
l = strlen(canonical);
187187
ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * c;
188188
if (buflen < ms) {
189+
UNPROTECT_ERRNO;
189190
*errnop = ERANGE;
190191
*h_errnop = NETDB_INTERNAL;
191192
return NSS_STATUS_TRYAGAIN;
@@ -267,6 +268,7 @@ enum nss_status _nss_resolve_gethostbyname4_r(
267268
return NSS_STATUS_SUCCESS;
268269

269270
fail:
271+
UNPROTECT_ERRNO;
270272
*errnop = -r;
271273
*h_errnop = NO_RECOVERY;
272274
return ret;
@@ -364,6 +366,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
364366
ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*);
365367

366368
if (buflen < ms) {
369+
UNPROTECT_ERRNO;
367370
*errnop = ERANGE;
368371
*h_errnop = NETDB_INTERNAL;
369372
return NSS_STATUS_TRYAGAIN;
@@ -455,6 +458,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
455458
return NSS_STATUS_SUCCESS;
456459

457460
fail:
461+
UNPROTECT_ERRNO;
458462
*errnop = -r;
459463
*h_errnop = NO_RECOVERY;
460464
return ret;
@@ -492,12 +496,14 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
492496
assert(h_errnop);
493497

494498
if (!IN_SET(af, AF_INET, AF_INET6)) {
499+
UNPROTECT_ERRNO;
495500
*errnop = EAFNOSUPPORT;
496501
*h_errnop = NO_DATA;
497502
return NSS_STATUS_UNAVAIL;
498503
}
499504

500505
if (len != FAMILY_ADDRESS_SIZE(af)) {
506+
UNPROTECT_ERRNO;
501507
*errnop = EINVAL;
502508
*h_errnop = NO_RECOVERY;
503509
return NSS_STATUS_UNAVAIL;
@@ -576,6 +582,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
576582
c * sizeof(char*); /* pointers to aliases, plus trailing NULL */
577583

578584
if (buflen < ms) {
585+
UNPROTECT_ERRNO;
579586
*errnop = ERANGE;
580587
*h_errnop = NETDB_INTERNAL;
581588
return NSS_STATUS_TRYAGAIN;
@@ -636,6 +643,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
636643
return NSS_STATUS_SUCCESS;
637644

638645
fail:
646+
UNPROTECT_ERRNO;
639647
*errnop = -r;
640648
*h_errnop = NO_RECOVERY;
641649
return ret;

src/nss-systemd/nss-systemd.c

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -210,6 +210,7 @@ enum nss_status _nss_systemd_getpwnam_r(
210210

211211
l = strlen(name);
212212
if (buflen < l+1) {
213+
UNPROTECT_ERRNO;
213214
*errnop = ERANGE;
214215
return NSS_STATUS_TRYAGAIN;
215216
}
@@ -227,6 +228,7 @@ enum nss_status _nss_systemd_getpwnam_r(
227228
return NSS_STATUS_SUCCESS;
228229

229230
fail:
231+
UNPROTECT_ERRNO;
230232
*errnop = -r;
231233
return NSS_STATUS_UNAVAIL;
232234
}
@@ -310,6 +312,7 @@ enum nss_status _nss_systemd_getpwuid_r(
310312

311313
l = strlen(translated) + 1;
312314
if (buflen < l) {
315+
UNPROTECT_ERRNO;
313316
*errnop = ERANGE;
314317
return NSS_STATUS_TRYAGAIN;
315318
}
@@ -327,6 +330,7 @@ enum nss_status _nss_systemd_getpwuid_r(
327330
return NSS_STATUS_SUCCESS;
328331

329332
fail:
333+
UNPROTECT_ERRNO;
330334
*errnop = -r;
331335
return NSS_STATUS_UNAVAIL;
332336
}
@@ -408,6 +412,7 @@ enum nss_status _nss_systemd_getgrnam_r(
408412

409413
l = sizeof(char*) + strlen(name) + 1;
410414
if (buflen < l) {
415+
UNPROTECT_ERRNO;
411416
*errnop = ERANGE;
412417
return NSS_STATUS_TRYAGAIN;
413418
}
@@ -423,6 +428,7 @@ enum nss_status _nss_systemd_getgrnam_r(
423428
return NSS_STATUS_SUCCESS;
424429

425430
fail:
431+
UNPROTECT_ERRNO;
426432
*errnop = -r;
427433
return NSS_STATUS_UNAVAIL;
428434
}
@@ -506,6 +512,7 @@ enum nss_status _nss_systemd_getgrgid_r(
506512

507513
l = sizeof(char*) + strlen(translated) + 1;
508514
if (buflen < l) {
515+
UNPROTECT_ERRNO;
509516
*errnop = ERANGE;
510517
return NSS_STATUS_TRYAGAIN;
511518
}
@@ -521,6 +528,7 @@ enum nss_status _nss_systemd_getgrgid_r(
521528
return NSS_STATUS_SUCCESS;
522529

523530
fail:
531+
UNPROTECT_ERRNO;
524532
*errnop = -r;
525533
return NSS_STATUS_UNAVAIL;
526534
}
@@ -740,6 +748,7 @@ enum nss_status _nss_systemd_getpwent_r(struct passwd *result, char *buffer, siz
740748
LIST_FOREACH(entries, p, getpwent_data.position) {
741749
len = strlen(p->name) + 1;
742750
if (buflen < len) {
751+
UNPROTECT_ERRNO;
743752
*errnop = ERANGE;
744753
ret = NSS_STATUS_TRYAGAIN;
745754
goto finalize;
@@ -791,6 +800,7 @@ enum nss_status _nss_systemd_getgrent_r(struct group *result, char *buffer, size
791800
LIST_FOREACH(entries, p, getgrent_data.position) {
792801
len = sizeof(char*) + strlen(p->name) + 1;
793802
if (buflen < len) {
803+
UNPROTECT_ERRNO;
794804
*errnop = ERANGE;
795805
ret = NSS_STATUS_TRYAGAIN;
796806
goto finalize;

0 commit comments

Comments
 (0)