CVE-2013-2207, BZ #15755: Disable pt_chown.
1 /* Cache handling for services lookup.
2 Copyright (C) 2007-2013 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Ulrich Drepper <drepper@drepper.com>, 2007.
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published
8 by the Free Software Foundation; version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, see <http://www.gnu.org/licenses/>. */
19 #include <alloca.h>
20 #include <assert.h>
21 #include <errno.h>
22 #include <libintl.h>
23 #include <netdb.h>
24 #include <unistd.h>
25 #include <stdint.h>
26 #include <sys/mman.h>
27 #include <kernel-features.h>
29 #include "nscd.h"
30 #include "dbg_log.h"
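/* This is the standard reply in case the service is disabled.
   `found' is -1 here, whereas the not-found reply uses 0.  All length
   and count fields are zero, so the reply is the fixed-size header
   alone.  */
static const serv_response_header disabled =
{
  .version = NSCD_VERSION,
  .found = -1,
  .s_name_len = 0,
  .s_proto_len = 0,
  .s_aliases_cnt = 0,
  .s_port = -1
};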
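/* This is the struct describing how to write this record: a single
   iovec covering the constant `disabled' header.  The cast drops the
   const qualifier only because iov_base is a plain `void *'; nothing
   in this file writes through it.  */
const struct iovec serv_iov_disabled =
{
  .iov_base = (void *) &disabled,
  .iov_len = sizeof (disabled)
};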
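/* This is the standard reply in case we haven't found the dataset.
   `found' is 0 and every length/count field is zero, so the reply is
   the fixed-size header alone.  cache_addserv both sends this object
   to the client and copies it into negative cache records.  */
static const serv_response_header notfound =
{
  .version = NSCD_VERSION,
  .found = 0,
  .s_name_len = 0,
  .s_proto_len = 0,
  .s_aliases_cnt = 0,
  .s_port = -1
};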
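/* Build the reply for one services request, send it to the client and
   store it in the cache.

   DB is the services database.  FD is the client socket, or -1 when no
   reply is to be sent (the reload path asserts FD == -1).  REQ and KEY
   describe the request; REQ->key_len bytes of KEY are copied into the
   record.  SERV is the lookup result or NULL when the lookup produced
   nothing, with ERRVAL being the error value recorded by the caller.
   OWNER is passed through to cache_add.  HE and DH are non-NULL when an
   existing entry is being reloaded and NULL for a fresh request.

   Returns the expiry time selected for the record: t + postimeout for
   a positive record or a kept-alive old record, t + negtimeout for a
   stored negative record, and MAX_TIMEOUT_VALUE when a negative reply
   was not stored.

   NOTE(review): the sizes of both alloca() calls below derive from the
   lookup result and REQ->key_len and are not bounded in this function;
   confirm that the callers and the NSS backends keep them small enough
   for the worker thread's stack.  */
static time_t
cache_addserv (struct database_dyn *db, int fd, request_header *req,
               const void *key, struct servent *serv, uid_t owner,
               struct hashentry *const he, struct datahead *dh, int errval)
{
  bool all_written = true;
  ssize_t total;
  time_t t = time (NULL);

  /* We allocate all data in one memory block: the iov vector,
     the response header and the dataset itself.  */
  struct dataset
  {
    struct datahead head;
    serv_response_header resp;
    char strdata[0];
  } *dataset;

  /* The generic cache code reaches the reply through datahead.data, so
     the local layout has to put `resp' at exactly that offset.  */
  assert (offsetof (struct dataset, resp) == offsetof (struct datahead, data));

  time_t timeout = MAX_TIMEOUT_VALUE;
  if (serv == NULL)
    {
      if (he != NULL && errval == EAGAIN)
        {
          /* If we have an old record available but cannot find one
             now because the service is not available we keep the old
             record and make sure it does not get removed.  */
          if (reload_count != UINT_MAX)
            /* Do not reset the value if we never reload the record.  */
            dh->nreloads = reload_count - 1;

          /* Reload with the same time-to-live value.  */
          timeout = dh->timeout = t + db->postimeout;

          total = 0;
        }
      else
        {
          /* We have no data.  This means we send the standard reply for this
             case.  */
          total = sizeof (notfound);

          if (fd != -1
              && TEMP_FAILURE_RETRY (send (fd, &notfound, total,
                                           MSG_NOSIGNAL)) != total)
            all_written = false;

          /* If we have a transient error or cannot permanently store
             the result, so be it.  */
          if (errval == EAGAIN || __builtin_expect (db->negtimeout == 0, 0))
            {
              /* Mark the old entry as obsolete.  */
              if (dh != NULL)
                dh->usable = false;
            }
          else if ((dataset = mempool_alloc (db, (sizeof (struct dataset)
                                                  + req->key_len), 1)) != NULL)
            {
              dataset->head.allocsize = sizeof (struct dataset) + req->key_len;
              dataset->head.recsize = total;
              dataset->head.notfound = true;
              dataset->head.nreloads = 0;
              dataset->head.usable = true;

              /* Compute the timeout time.  */
              timeout = dataset->head.timeout = t + db->negtimeout;

              /* This is the reply.  */
              memcpy (&dataset->resp, &notfound, total);

              /* Copy the key data.  */
              memcpy (dataset->strdata, key, req->key_len);

              /* If necessary, we also propagate the data to disk.  */
              if (db->persistent)
                {
                  // XXX async OK?
                  /* msync wants a page-aligned start, so round the
                     record address down and add the slack to the
                     length.  */
                  uintptr_t pval = (uintptr_t) dataset & ~pagesize_m1;
                  msync ((void *) pval,
                         ((uintptr_t) dataset & pagesize_m1)
                         + sizeof (struct dataset) + req->key_len, MS_ASYNC);
                }

              (void) cache_add (req->type, &dataset->strdata, req->key_len,
                                &dataset->head, true, db, owner, he == NULL);

              /* NOTE(review): the matching lock acquisition is not in
                 this function; presumably mempool_alloc takes it when
                 called with a final argument of 1 -- confirm.  */
              pthread_rwlock_unlock (&db->lock);

              /* Mark the old entry as obsolete.  */
              if (dh != NULL)
                dh->usable = false;
            }
        }
    }
  else
    {
      /* Determine the I/O structure.  */
      size_t s_name_len = strlen (serv->s_name) + 1;
      size_t s_proto_len = strlen (serv->s_proto) + 1;
      uint32_t *s_aliases_len;
      size_t s_aliases_cnt;
      char *aliases;
      char *cp;
      size_t cnt;

      /* Determine the number of aliases.  */
      s_aliases_cnt = 0;
      for (cnt = 0; serv->s_aliases[cnt] != NULL; ++cnt)
        ++s_aliases_cnt;
      /* Determine the length of all aliases.  The length table lives on
         the stack and grows with the alias count of the result.  */
      s_aliases_len = (uint32_t *) alloca (s_aliases_cnt * sizeof (uint32_t));
      total = 0;
      for (cnt = 0; cnt < s_aliases_cnt; ++cnt)
        {
          s_aliases_len[cnt] = strlen (serv->s_aliases[cnt]) + 1;
          total += s_aliases_len[cnt];
        }

      total += (offsetof (struct dataset, strdata)
                + s_name_len
                + s_proto_len
                + s_aliases_cnt * sizeof (uint32_t));

      /* If we refill the cache, first assume the record did not
         change.  On a refill (HE != NULL) no pool memory is requested
         here, so the candidate record is built in temporary memory
         since it is likely discarded anyway.  If it turns out to be
         necessary to have a new record we can still allocate real
         memory.  */
      bool alloca_used = false;
      dataset = NULL;

      if (he == NULL)
        dataset = (struct dataset *) mempool_alloc (db, total + req->key_len,
                                                    1);

      if (dataset == NULL)
        {
          /* We cannot permanently add the result in the moment.  But
             we can provide the result as is.  Store the data in some
             temporary memory.  */
          dataset = (struct dataset *) alloca (total + req->key_len);

          /* We cannot add this record to the permanent database.  */
          alloca_used = true;
        }

      dataset->head.allocsize = total + req->key_len;
      dataset->head.recsize = total - offsetof (struct dataset, resp);
      dataset->head.notfound = false;
      dataset->head.nreloads = he == NULL ? 0 : (dh->nreloads + 1);
      dataset->head.usable = true;

      /* Compute the timeout time.  */
      timeout = dataset->head.timeout = t + db->postimeout;

      dataset->resp.version = NSCD_VERSION;
      dataset->resp.found = 1;
      dataset->resp.s_name_len = s_name_len;
      dataset->resp.s_proto_len = s_proto_len;
      dataset->resp.s_port = serv->s_port;
      dataset->resp.s_aliases_cnt = s_aliases_cnt;

      /* String area layout: name, protocol, table of alias lengths,
         the alias strings, and finally the request key.  */
      cp = dataset->strdata;

      cp = mempcpy (cp, serv->s_name, s_name_len);
      cp = mempcpy (cp, serv->s_proto, s_proto_len);
      cp = mempcpy (cp, s_aliases_len, s_aliases_cnt * sizeof (uint32_t));

      /* Then the aliases.  */
      aliases = cp;
      for (cnt = 0; cnt < s_aliases_cnt; ++cnt)
        cp = mempcpy (cp, serv->s_aliases[cnt], s_aliases_len[cnt]);

      /* Everything written so far must add up to the size computed
         above.  This is only checked when assertions are enabled.  */
      assert (cp
              == dataset->strdata + total - offsetof (struct dataset,
                                                      strdata));

      char *key_copy = memcpy (cp, key, req->key_len);

      /* Now we can determine whether on refill we have to create a new
         record or not.  */
      if (he != NULL)
        {
          assert (fd == -1);

          /* The two size comparisons come first so that the memcmp
             never reads past either record.  */
          if (total + req->key_len == dh->allocsize
              && total - offsetof (struct dataset, resp) == dh->recsize
              && memcmp (&dataset->resp, dh->data,
                         dh->allocsize - offsetof (struct dataset, resp)) == 0)
            {
              /* The data has not changed.  We will just bump the
                 timeout value.  Note that the new record has been
                 allocated on the stack and need not be freed.  */
              dh->timeout = dataset->head.timeout;
              ++dh->nreloads;
            }
          else
            {
              /* We have to create a new record.  Just allocate
                 appropriate memory and copy it.  */
              struct dataset *newp
                = (struct dataset *) mempool_alloc (db, total + req->key_len,
                                                    1);
              if (newp != NULL)
                {
                  /* Adjust pointers into the memory block.  */
                  aliases = (char *) newp + (aliases - (char *) dataset);
                  assert (key_copy != NULL);
                  key_copy = (char *) newp + (key_copy - (char *) dataset);

                  dataset = memcpy (newp, dataset, total + req->key_len);
                  alloca_used = false;
                }

              /* Mark the old record as obsolete.  */
              dh->usable = false;
            }
        }
      else
        {
          /* We write the dataset before inserting it to the database
             since while inserting this thread might block and so would
             unnecessarily keep the receiver waiting.  */
          assert (fd != -1);

#ifdef HAVE_SENDFILE
          if (__builtin_expect (db->mmap_used, 1) && !alloca_used)
            {
              /* The offset handed to sendfileall is relative to
                 db->head.  The range checks on it are assertions only,
                 so they vanish in a build with NDEBUG.  */
              assert (db->wr_fd != -1);
              assert ((char *) &dataset->resp > (char *) db->data);
              assert ((char *) dataset - (char *) db->head
                      + total
                      <= (sizeof (struct database_pers_head)
                          + db->head->module * sizeof (ref_t)
                          + db->head->data_size));
              ssize_t written = sendfileall (fd, db->wr_fd,
                                             (char *) &dataset->resp
                                             - (char *) db->head,
                                             dataset->head.recsize);
              if (written != dataset->head.recsize)
                {
# ifndef __ASSUME_SENDFILE
                  /* Kernel without sendfile: fall back to a plain
                     write of the same bytes.  */
                  if (written == -1 && errno == ENOSYS)
                    goto use_write;
# endif
                  all_written = false;
                }
            }
          else
# ifndef __ASSUME_SENDFILE
          use_write:
# endif
#endif
            if (writeall (fd, &dataset->resp, dataset->head.recsize)
                != dataset->head.recsize)
              all_written = false;
        }

      /* Add the record to the database.  But only if it has not been
         stored on the stack.  */
      if (! alloca_used)
        {
          /* If necessary, we also propagate the data to disk.  */
          if (db->persistent)
            {
              // XXX async OK?
              uintptr_t pval = (uintptr_t) dataset & ~pagesize_m1;
              msync ((void *) pval,
                     ((uintptr_t) dataset & pagesize_m1)
                     + total + req->key_len, MS_ASYNC);
            }

          (void) cache_add (req->type, key_copy, req->key_len,
                            &dataset->head, true, db, owner, he == NULL);

          pthread_rwlock_unlock (&db->lock);
        }
    }

  if (__builtin_expect (!all_written, 0) && debug_level > 0)
    {
      /* NOTE(review): errno is read only here, after msync, cache_add
         and pthread_rwlock_unlock may have run, so the text logged may
         not describe the write that failed.  */
      char buf[256];
      dbg_log (_("short write in %s: %s"), __FUNCTION__,
               strerror_r (errno, buf, sizeof (buf)));
    }

  return timeout;
}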
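/* Run the services lookup selected by TYPE for the request key KEY.

   KEY has the form "name-or-port/protocol".  The text after the last
   '/' is the protocol; an empty protocol ("name/") is passed on as
   NULL.  If the only '/' is the first character of KEY, neither KEY
   nor the protocol pointer is adjusted, so the whole key string is
   handed on in both roles.

   RESULTBUFP, BUFFER, BUFLEN and SERV are passed unchanged to
   __getservbyname_r or __getservbyport_r, whose return value is
   returned.  TYPE must be GETSERVBYNAME or GETSERVBYPORT; any other
   value trips the assertion.

   NOTE(review): KEY arrives from the requesting client.  strndupa
   copies the name part onto this function's stack, and atol gives no
   indication of a non-numeric or out-of-range port string (the result
   is also narrowed from long on the way into __getservbyport_r), so
   the callers have to bound and terminate KEY -- confirm.  */
static int
lookup (int type, char *key, struct servent *resultbufp, char *buffer,
        size_t buflen, struct servent **serv)
{
  char *proto = strrchr (key, '/');
  if (proto != NULL && proto != key)
    {
      /* Split off the name/port part; the copy lives only until this
         function returns.  */
      key = strndupa (key, proto - key);
      if (proto[1] == '\0')
        proto = NULL;
      else
        ++proto;
    }

  if (type == GETSERVBYNAME)
    return __getservbyname_r (key, proto, resultbufp, buffer, buflen, serv);

  assert (type == GETSERVBYPORT);
  return __getservbyport_r (atol (key), proto, resultbufp, buffer, buflen,
                            serv);
}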
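/* Look up the service for KEY and hand the result to cache_addserv.

   DB, FD, REQ, KEY and UID are passed on to cache_addserv, as are HE
   and DH, which are NULL for a fresh request and non-NULL for a
   reload.  The lookup starts with a 1024-byte stack buffer and is
   retried with a larger buffer for as long as it fails with ERANGE.
   Once BUFLEN exceeds 32768 further growth uses the heap instead of
   the stack.  Returns the timeout computed by cache_addserv.

   NOTE(review): there is no upper limit on the doubling in this loop;
   it ends only when the lookup stops reporting ERANGE or realloc
   fails.  KEY is also written to the debug log with "%s", which
   presumes the caller has NUL-terminated it -- confirm.  */
static time_t
addservbyX (struct database_dyn *db, int fd, request_header *req,
            char *key, uid_t uid, struct hashentry *he, struct datahead *dh)
{
  /* Search for the entry matching the key.  Please note that we don't
     look again in the table whether the dataset is now available.  We
     simply insert it.  It does not matter if it is in there twice.  The
     pruning function only will look at the timestamp.  */
  size_t buflen = 1024;
  char *buffer = (char *) alloca (buflen);
  struct servent resultbuf;
  struct servent *serv;
  bool use_malloc = false;
  int errval = 0;

  if (__builtin_expect (debug_level > 0, 0))
    {
      if (he == NULL)
        dbg_log (_("Haven't found \"%s\" in services cache!"), key);
      else
        dbg_log (_("Reloading \"%s\" in services cache!"), key);
    }

  while (lookup (req->type, key, &resultbuf, buffer, buflen, &serv) != 0
         && (errval = errno) == ERANGE)
    {
      errno = 0;

      if (__builtin_expect (buflen > 32768, 0))
        {
          char *old_buffer = buffer;
          buflen *= 2;
          /* The first heap allocation must not hand the alloca pointer
             to realloc, hence the NULL.  The old contents need not be
             preserved because the lookup fills the buffer again.  */
          buffer = (char *) realloc (use_malloc ? buffer : NULL, buflen);
          if (buffer == NULL)
            {
              /* We ran out of memory.  We cannot do anything but
                 sending a negative response.  In reality this should
                 never happen.  */
              serv = NULL;
              /* Keep the old pointer so that the free below still
                 releases an earlier heap buffer.  */
              buffer = old_buffer;

              /* We set the error to indicate this is (possibly) a
                 temporary error and that it does not mean the entry
                 is not available at all.  */
              errval = EAGAIN;
              break;
            }
          use_malloc = true;
        }
      else
        /* Allocate a new buffer on the stack.  If possible combine it
           with the previously allocated buffer.  */
        buffer = (char *) extend_alloca (buffer, buflen, 2 * buflen);
    }

  time_t timeout = cache_addserv (db, fd, req, key, serv, uid, he, dh, errval);

  if (use_malloc)
    free (buffer);

  return timeout;
}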
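/* Handle a fresh service-by-name request: look KEY up, reply on FD and
   add the result to DB.  UID is recorded as the owner of the entry.
   The timeout returned by addservbyX is not used.  The body is the
   same as addservbyport; the kind of lookup is selected later from
   REQ->type.  */
void
addservbyname (struct database_dyn *db, int fd, request_header *req,
               void *key, uid_t uid)
{
  addservbyX (db, fd, req, key, uid, NULL, NULL);
}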
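/* Reload the by-name cache entry described by HE and DH.  The request
   header is rebuilt from the entry (type GETSERVBYNAME, key length
   HE->len), the key is read from DB->data at offset HE->key, and no
   client is answered (the descriptor passed on is -1).  Returns the
   new timeout from addservbyX.  */
time_t
readdservbyname (struct database_dyn *db, struct hashentry *he,
                 struct datahead *dh)
{
  request_header req =
    {
      .type = GETSERVBYNAME,
      .key_len = he->len
    };

  return addservbyX (db, -1, &req, db->data + he->key, he->owner, he, dh);
}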
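/* Handle a fresh service-by-port request: look KEY up, reply on FD and
   add the result to DB.  UID is recorded as the owner of the entry.
   The timeout returned by addservbyX is not used.  The body is the
   same as addservbyname; the kind of lookup is selected later from
   REQ->type.  */
void
addservbyport (struct database_dyn *db, int fd, request_header *req,
               void *key, uid_t uid)
{
  addservbyX (db, fd, req, key, uid, NULL, NULL);
}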
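/* Reload the by-port cache entry described by HE and DH.  The request
   header is rebuilt from the entry (type GETSERVBYPORT, key length
   HE->len), the key is read from DB->data at offset HE->key, and no
   client is answered (the descriptor passed on is -1).  Returns the
   new timeout from addservbyX.  */
time_t
readdservbyport (struct database_dyn *db, struct hashentry *he,
                 struct datahead *dh)
{
  request_header req =
    {
      .type = GETSERVBYPORT,
      .key_len = he->len
    };

  return addservbyX (db, -1, &req, db->data + he->key, he->owner, he, dh);
}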