kern/130749: [libc] nscache.c/nscachedcli.c - return error if string of /etc/group is long

Andrey Zonov andrey.zonov at gmail.com
Mon Jan 19 08:00:13 PST 2009


>Number:         130749
>Category:       kern
>Synopsis:       [libc] nscache.c/nscachedcli.c - return error if string of /etc/group is long
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 19 16:00:09 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Andrey Zonov
>Release:        7.1-RELEASE-p2
>Organization:
>Environment:
FreeBSD {sorry,cut}.ru 7.1-RELEASE-p2 FreeBSD 7.1-RELEASE-p2 #0: Sun Jan 18 16:15:29 MSK 2009     root@{sorry,cut}.ru:/usr/obj/usr/src/sys/FBSD7_AMD64_ULE  amd64
>Description:
nscd return error if string of /etc/group is long and return groups directly from /etc/group, really my problem with NIS long group, but with long group from /etc/group bug as affected.

I thing bug in src/lib/libc/net/nscachedcli.c. safe_read() return rec_error_code=848338984, then try read long group.
>How-To-Repeat:
1. Add in /etc/group:
strangegroup:*:9999:aa,ab,ac,ad,ae,af,ag,ah,ai,aj,ak,al,am,an,ao,ap,aq,ar,as,at,au,av,aw,ax,ay,az,ba,bb,bc,bd,be,bf,bg,bh,bi,bj,bk,bl,bm,bn,bo,bp,bq,br,bs,bt,bu,bv,bw,bx,by,bz,ca,cb,cc,cd,ce,cf,cg,ch,ci,cj,ck,cl,cm,cn,co,cp,cq,cr,cs,ct,cu,cv,cw,cx,cy,cz,da,db,dc,dd,de,df,dg,dh,di,dj,dk,dl,dm,dn,do

2. Edit /etc/nsswitch.conf:
group: cache compat

3. $ getent group | wc -l
     378

4. Run "nscd -t -n -s"

5. And run "getent group"
$ getent group | wc -l
     378
$ getent group | wc -l
     442
$ getent group | wc -l
     442

For local groups this is not critical, but for NIS (and other network management) is critical.

nscd show debug:
M1 from main: request agents registered successfully
M2 from cache: cache was successfully initialized
M2 from runtime environment: using socket /var/run/nscd
M2 from runtime environment: successfully initialized
M1 from main: working in single-threaded mode
E3 from on_mp_read_session_read_response_write1: write failed

>Fix:
Only workaround.

1. For nscd
--- src/lib/libc/net/nscache.c.orig     2009-01-11 22:30:47.000000000 +0300
+++ src/lib/libc/net/nscache.c  2009-01-12 13:23:45.000000000 +0300
@@ -39,7 +39,7 @@
 #define NSS_CACHE_KEY_INITIAL_SIZE     (256)
 #define NSS_CACHE_KEY_SIZE_LIMIT       (NSS_CACHE_KEY_INITIAL_SIZE << 4)
 
-#define NSS_CACHE_BUFFER_INITIAL_SIZE  (1024)
+#define NSS_CACHE_BUFFER_INITIAL_SIZE  (4096)
 #define NSS_CACHE_BUFFER_SIZE_LIMIT    (NSS_CACHE_BUFFER_INITIAL_SIZE << 8)
 
 #define CACHED_SOCKET_PATH             "/var/run/nscd"

2. And for NIS work this patch - http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/96840

>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list