search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tile: Check for pointer add overflow in memchr
[glibc.git] / nscd / pwdcache.c
blob721f4c617b0bb74a5537887cf021d43dfc6891fb
1 /* Cache handling for passwd lookup.
2 Copyright (C) 1998-2017 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published
8 by the Free Software Foundation; version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, see <http://www.gnu.org/licenses/>. */
18
19 #include <alloca.h>
20 #include <assert.h>
21 #include <errno.h>
22 #include <error.h>
23 #include <libintl.h>
24 #include <pwd.h>
25 #include <stdbool.h>
26 #include <stddef.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <time.h>
31 #include <unistd.h>
32 #include <sys/mman.h>
33 #include <sys/socket.h>
34 #include <stackinfo.h>
35
36 #include "nscd.h"
37 #include "dbg_log.h"
38 #ifdef HAVE_SENDFILE
39 # include <kernel-features.h>
40 #endif
41
42 /* This is the standard reply in case the service is disabled. */
43 static const pw_response_header disabled =
44 {
45 .version = NSCD_VERSION,
46 .found = -1,
47 .pw_name_len = 0,
48 .pw_passwd_len = 0,
49 .pw_uid = -1,
50 .pw_gid = -1,
51 .pw_gecos_len = 0,
52 .pw_dir_len = 0,
53 .pw_shell_len = 0
54 };
55
56 /* This is the struct describing how to write this record. */
57 const struct iovec pwd_iov_disabled =
58 {
59 .iov_base = (void *) &disabled,
60 .iov_len = sizeof (disabled)
61 };
62
63
64 /* This is the standard reply in case we haven't found the dataset. */
65 static const pw_response_header notfound =
66 {
67 .version = NSCD_VERSION,
68 .found = 0,
69 .pw_name_len = 0,
70 .pw_passwd_len = 0,
71 .pw_uid = -1,
72 .pw_gid = -1,
73 .pw_gecos_len = 0,
74 .pw_dir_len = 0,
75 .pw_shell_len = 0
76 };
77
78
79 static time_t
80 cache_addpw (struct database_dyn *db, int fd, request_header *req,
81 const void *key, struct passwd *pwd, uid_t owner,
82 struct hashentry *const he, struct datahead *dh, int errval)
83 {
84 bool all_written = true;
85 ssize_t total;
86 time_t t = time (NULL);
87
88 /* We allocate all data in one memory block: the iov vector,
89 the response header and the dataset itself. */
90 struct dataset
91 {
92 struct datahead head;
93 pw_response_header resp;
94 char strdata[0];
95 } *dataset;
96
97 assert (offsetof (struct dataset, resp) == offsetof (struct datahead, data));
98
99 time_t timeout = MAX_TIMEOUT_VALUE;
100 if (pwd == NULL)
101 {
102 if (he != NULL && errval == EAGAIN)
103 {
104 /* If we have an old record available but cannot find one
105 now because the service is not available we keep the old
106 record and make sure it does not get removed. */
107 if (reload_count != UINT_MAX && dh->nreloads == reload_count)
108 /* Do not reset the value if we never not reload the record. */
109 dh->nreloads = reload_count - 1;
110
111 /* Reload with the same time-to-live value. */
112 timeout = dh->timeout = t + db->postimeout;
113
114 total = 0;
115 }
116 else
117 {
118 /* We have no data. This means we send the standard reply for this
119 case. */
120 total = sizeof (notfound);
121
122 if (fd != -1
123 && TEMP_FAILURE_RETRY (send (fd, &notfound, total,
124 MSG_NOSIGNAL)) != total)
125 all_written = false;
126
127 /* If we have a transient error or cannot permanently store
128 the result, so be it. */
129 if (errno == EAGAIN || __builtin_expect (db->negtimeout == 0, 0))
130 {
131 /* Mark the old entry as obsolete. */
132 if (dh != NULL)
133 dh->usable = false;
134 }
135 else if ((dataset = mempool_alloc (db, (sizeof (struct dataset)
136 + req->key_len), 1)) != NULL)
137 {
138 timeout = datahead_init_neg (&dataset->head,
139 (sizeof (struct dataset)
140 + req->key_len), total,
141 db->negtimeout);
142
143 /* This is the reply. */
144 memcpy (&dataset->resp, &notfound, total);
145
146 /* Copy the key data. */
147 char *key_copy = memcpy (dataset->strdata, key, req->key_len);
148
149 /* If necessary, we also propagate the data to disk. */
150 if (db->persistent)
151 {
152 // XXX async OK?
153 uintptr_t pval = (uintptr_t) dataset & ~pagesize_m1;
154 msync ((void *) pval,
155 ((uintptr_t) dataset & pagesize_m1)
156 + sizeof (struct dataset) + req->key_len, MS_ASYNC);
157 }
158
159 (void) cache_add (req->type, key_copy, req->key_len,
160 &dataset->head, true, db, owner, he == NULL);
161
162 pthread_rwlock_unlock (&db->lock);
163
164 /* Mark the old entry as obsolete. */
165 if (dh != NULL)
166 dh->usable = false;
167 }
168 }
169 }
170 else
171 {
172 /* Determine the I/O structure. */
173 size_t pw_name_len = strlen (pwd->pw_name) + 1;
174 size_t pw_passwd_len = strlen (pwd->pw_passwd) + 1;
175 size_t pw_gecos_len = strlen (pwd->pw_gecos) + 1;
176 size_t pw_dir_len = strlen (pwd->pw_dir) + 1;
177 size_t pw_shell_len = strlen (pwd->pw_shell) + 1;
178 char *cp;
179 const size_t key_len = strlen (key);
180 const size_t buf_len = 3 * sizeof (pwd->pw_uid) + key_len + 1;
181 char *buf = alloca (buf_len);
182 ssize_t n;
183
184 /* We need this to insert the `byuid' entry. */
185 int key_offset;
186 n = snprintf (buf, buf_len, "%d%c%n%s", pwd->pw_uid, '\0',
187 &key_offset, (char *) key) + 1;
188
189 total = (offsetof (struct dataset, strdata)
190 + pw_name_len + pw_passwd_len
191 + pw_gecos_len + pw_dir_len + pw_shell_len);
192
193 /* If we refill the cache, first assume the reconrd did not
194 change. Allocate memory on the cache since it is likely
195 discarded anyway. If it turns out to be necessary to have a
196 new record we can still allocate real memory. */
197 bool alloca_used = false;
198 dataset = NULL;
199
200 if (he == NULL)
201 {
202 /* Prevent an INVALIDATE request from pruning the data between
203 the two calls to cache_add. */
204 if (db->propagate)
205 pthread_mutex_lock (&db->prune_run_lock);
206 dataset = (struct dataset *) mempool_alloc (db, total + n, 1);
207 }
208
209 if (dataset == NULL)
210 {
211 if (he == NULL && db->propagate)
212 pthread_mutex_unlock (&db->prune_run_lock);
213
214 /* We cannot permanently add the result in the moment. But
215 we can provide the result as is. Store the data in some
216 temporary memory. */
217 dataset = (struct dataset *) alloca (total + n);
218
219 /* We cannot add this record to the permanent database. */
220 alloca_used = true;
221 }
222
223 timeout = datahead_init_pos (&dataset->head, total + n,
224 total - offsetof (struct dataset, resp),
225 he == NULL ? 0 : dh->nreloads + 1,
226 db->postimeout);
227
228 dataset->resp.version = NSCD_VERSION;
229 dataset->resp.found = 1;
230 dataset->resp.pw_name_len = pw_name_len;
231 dataset->resp.pw_passwd_len = pw_passwd_len;
232 dataset->resp.pw_uid = pwd->pw_uid;
233 dataset->resp.pw_gid = pwd->pw_gid;
234 dataset->resp.pw_gecos_len = pw_gecos_len;
235 dataset->resp.pw_dir_len = pw_dir_len;
236 dataset->resp.pw_shell_len = pw_shell_len;
237
238 cp = dataset->strdata;
239
240 /* Copy the strings over into the buffer. */
241 cp = mempcpy (cp, pwd->pw_name, pw_name_len);
242 cp = mempcpy (cp, pwd->pw_passwd, pw_passwd_len);
243 cp = mempcpy (cp, pwd->pw_gecos, pw_gecos_len);
244 cp = mempcpy (cp, pwd->pw_dir, pw_dir_len);
245 cp = mempcpy (cp, pwd->pw_shell, pw_shell_len);
246
247 /* Finally the stringified UID value. */
248 memcpy (cp, buf, n);
249 char *key_copy = cp + key_offset;
250 assert (key_copy == (char *) rawmemchr (cp, '\0') + 1);
251
252 assert (cp == dataset->strdata + total - offsetof (struct dataset,
253 strdata));
254
255 /* Now we can determine whether on refill we have to create a new
256 record or not. */
257 if (he != NULL)
258 {
259 assert (fd == -1);
260
261 if (dataset->head.allocsize == dh->allocsize
262 && dataset->head.recsize == dh->recsize
263 && memcmp (&dataset->resp, dh->data,
264 dh->allocsize - offsetof (struct dataset, resp)) == 0)
265 {
266 /* The data has not changed. We will just bump the
267 timeout value. Note that the new record has been
268 allocated on the stack and need not be freed. */
269 dh->timeout = dataset->head.timeout;
270 ++dh->nreloads;
271 }
272 else
273 {
274 /* We have to create a new record. Just allocate
275 appropriate memory and copy it. */
276 struct dataset *newp
277 = (struct dataset *) mempool_alloc (db, total + n, 1);
278 if (newp != NULL)
279 {
280 /* Adjust pointer into the memory block. */
281 cp = (char *) newp + (cp - (char *) dataset);
282 key_copy = (char *) newp + (key_copy - (char *) dataset);
283
284 dataset = memcpy (newp, dataset, total + n);
285 alloca_used = false;
286 }
287
288 /* Mark the old record as obsolete. */
289 dh->usable = false;
290 }
291 }
292 else
293 {
294 /* We write the dataset before inserting it to the database
295 since while inserting this thread might block and so would
296 unnecessarily let the receiver wait. */
297 assert (fd != -1);
298
299 #ifdef HAVE_SENDFILE
300 if (__builtin_expect (db->mmap_used, 1) && !alloca_used)
301 {
302 assert (db->wr_fd != -1);
303 assert ((char *) &dataset->resp > (char *) db->data);
304 assert ((char *) dataset - (char *) db->head
305 + total
306 <= (sizeof (struct database_pers_head)
307 + db->head->module * sizeof (ref_t)
308 + db->head->data_size));
309 ssize_t written = sendfileall (fd, db->wr_fd,
310 (char *) &dataset->resp
311 - (char *) db->head,
312 dataset->head.recsize);
313 if (written != dataset->head.recsize)
314 {
315 # ifndef __ASSUME_SENDFILE
316 if (written == -1 && errno == ENOSYS)
317 goto use_write;
318 # endif
319 all_written = false;
320 }
321 }
322 else
323 # ifndef __ASSUME_SENDFILE
324 use_write:
325 # endif
326 #endif
327 if (writeall (fd, &dataset->resp, dataset->head.recsize)
328 != dataset->head.recsize)
329 all_written = false;
330 }
331
332
333 /* Add the record to the database. But only if it has not been
334 stored on the stack. */
335 if (! alloca_used)
336 {
337 /* If necessary, we also propagate the data to disk. */
338 if (db->persistent)
339 {
340 // XXX async OK?
341 uintptr_t pval = (uintptr_t) dataset & ~pagesize_m1;
342 msync ((void *) pval,
343 ((uintptr_t) dataset & pagesize_m1) + total + n,
344 MS_ASYNC);
345 }
346
347 /* NB: in the following code we always must add the entry
348 marked with FIRST first. Otherwise we end up with
349 dangling "pointers" in case a latter hash entry cannot be
350 added. */
351 bool first = true;
352
353 /* If the request was by UID, add that entry first. */
354 if (req->type == GETPWBYUID)
355 {
356 if (cache_add (GETPWBYUID, cp, key_offset, &dataset->head, true,
357 db, owner, he == NULL) < 0)
358 goto out;
359
360 first = false;
361 }
362 /* If the key is different from the name add a separate entry. */
363 else if (strcmp (key_copy, dataset->strdata) != 0)
364 {
365 if (cache_add (GETPWBYNAME, key_copy, key_len + 1,
366 &dataset->head, true, db, owner, he == NULL) < 0)
367 goto out;
368
369 first = false;
370 }
371
372 /* We have to add the value for both, byname and byuid. */
373 if ((req->type == GETPWBYNAME || db->propagate)
374 && __builtin_expect (cache_add (GETPWBYNAME, dataset->strdata,
375 pw_name_len, &dataset->head,
376 first, db, owner, he == NULL)
377 == 0, 1))
378 {
379 if (req->type == GETPWBYNAME && db->propagate)
380 (void) cache_add (GETPWBYUID, cp, key_offset, &dataset->head,
381 false, db, owner, false);
382 }
383
384 out:
385 pthread_rwlock_unlock (&db->lock);
386 if (he == NULL && db->propagate)
387 pthread_mutex_unlock (&db->prune_run_lock);
388 }
389 }
390
391 if (__builtin_expect (!all_written, 0) && debug_level > 0)
392 {
393 char buf[256];
394 dbg_log (_("short write in %s: %s"), __FUNCTION__,
395 strerror_r (errno, buf, sizeof (buf)));
396 }
397
398 return timeout;
399 }
400
401
402 union keytype
403 {
404 void *v;
405 uid_t u;
406 };
407
408
409 static int
410 lookup (int type, union keytype key, struct passwd *resultbufp, char *buffer,
411 size_t buflen, struct passwd **pwd)
412 {
413 if (type == GETPWBYNAME)
414 return __getpwnam_r (key.v, resultbufp, buffer, buflen, pwd);
415 else
416 return __getpwuid_r (key.u, resultbufp, buffer, buflen, pwd);
417 }
418
419
420 static time_t
421 addpwbyX (struct database_dyn *db, int fd, request_header *req,
422 union keytype key, const char *keystr, uid_t c_uid,
423 struct hashentry *he, struct datahead *dh)
424 {
425 /* Search for the entry matching the key. Please note that we don't
426 look again in the table whether the dataset is now available. We
427 simply insert it. It does not matter if it is in there twice. The
428 pruning function only will look at the timestamp. */
429 size_t buflen = 1024;
430 char *buffer = (char *) alloca (buflen);
431 struct passwd resultbuf;
432 struct passwd *pwd;
433 bool use_malloc = false;
434 int errval = 0;
435
436 if (__glibc_unlikely (debug_level > 0))
437 {
438 if (he == NULL)
439 dbg_log (_("Haven't found \"%s\" in password cache!"), keystr);
440 else
441 dbg_log (_("Reloading \"%s\" in password cache!"), keystr);
442 }
443
444 while (lookup (req->type, key, &resultbuf, buffer, buflen, &pwd) != 0
445 && (errval = errno) == ERANGE)
446 {
447 errno = 0;
448
449 if (__glibc_unlikely (buflen > 32768))
450 {
451 char *old_buffer = buffer;
452 buflen *= 2;
453 buffer = (char *) realloc (use_malloc ? buffer : NULL, buflen);
454 if (buffer == NULL)
455 {
456 /* We ran out of memory. We cannot do anything but
457 sending a negative response. In reality this should
458 never happen. */
459 pwd = NULL;
460 buffer = old_buffer;
461
462 /* We set the error to indicate this is (possibly) a
463 temporary error and that it does not mean the entry
464 is not available at all. */
465 errval = EAGAIN;
466 break;
467 }
468 use_malloc = true;
469 }
470 else
471 /* Allocate a new buffer on the stack. If possible combine it
472 with the previously allocated buffer. */
473 buffer = (char *) extend_alloca (buffer, buflen, 2 * buflen);
474 }
475
476 /* Add the entry to the cache. */
477 time_t timeout = cache_addpw (db, fd, req, keystr, pwd, c_uid, he, dh,
478 errval);
479
480 if (use_malloc)
481 free (buffer);
482
483 return timeout;
484 }
485
486
487 void
488 addpwbyname (struct database_dyn *db, int fd, request_header *req,
489 void *key, uid_t c_uid)
490 {
491 union keytype u = { .v = key };
492
493 addpwbyX (db, fd, req, u, key, c_uid, NULL, NULL);
494 }
495
496
497 time_t
498 readdpwbyname (struct database_dyn *db, struct hashentry *he,
499 struct datahead *dh)
500 {
501 request_header req =
502 {
503 .type = GETPWBYNAME,
504 .key_len = he->len
505 };
506 union keytype u = { .v = db->data + he->key };
507
508 return addpwbyX (db, -1, &req, u, db->data + he->key, he->owner, he, dh);
509 }
510
511
512 void
513 addpwbyuid (struct database_dyn *db, int fd, request_header *req,
514 void *key, uid_t c_uid)
515 {
516 char *ep;
517 uid_t uid = strtoul ((char *) key, &ep, 10);
518
519 if (*(char *) key == '\0' || *ep != '\0') /* invalid numeric uid */
520 {
521 if (debug_level > 0)
522 dbg_log (_("Invalid numeric uid \"%s\"!"), (char *) key);
523
524 errno = EINVAL;
525 return;
526 }
527
528 union keytype u = { .u = uid };
529
530 addpwbyX (db, fd, req, u, key, c_uid, NULL, NULL);
531 }
532
533
534 time_t
535 readdpwbyuid (struct database_dyn *db, struct hashentry *he,
536 struct datahead *dh)
537 {
538 char *ep;
539 uid_t uid = strtoul (db->data + he->key, &ep, 10);
540
541 /* Since the key has been added before it must be OK. */
542 assert (*(db->data + he->key) != '\0' && *ep == '\0');
543
544 request_header req =
545 {
546 .type = GETPWBYUID,
547 .key_len = he->len
548 };
549 union keytype u = { .u = uid };
550
551 return addpwbyX (db, -1, &req, u, db->data + he->key, he->owner, he, dh);
552 }
sources.redhat.com git mirror of glibc CVS