Re: [PATCH] libsemanage: genhomedircon - improve handling large groups

[Petr Lautrbach <plautrba@redhat.com>]

Nicolas Iooss <nicolas.iooss@m4x.org> writes:

> On Wed, Feb 6, 2019 at 8:45 PM Petr Lautrbach 
> <plautrba@redhat.com> wrote:
>>
>> getgrnam_r() uses a preallocated buffer to store a structure 
>> containing
>> the broken-out fields of the record in the group database. The 
>> size of
>> this buffer is usually sysconf(_SC_GETGR_R_SIZE_MAX) == 1024 
>> and it is
>> not enough for groups with a large number of users.  In these 
>> cases,
>> getgrnam_r() returns -1 and sets errno to ERANGE and the caller 
>> can
>> retry with a larger buffer.
>>
>> Fixes:
>> $ semanage login -a -s user_u -r s0-s0:c1.c2 '%largegroup'
>> libsemanage.semanage_direct_commit: semanage_genhomedircon 
>> returned error code -1. (Numerical result out of range).
>> OSError: Numerical result out of range
>>
>> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
>> ---
>>  libsemanage/src/genhomedircon.c | 16 +++++++++++++---
>>  1 file changed, 13 insertions(+), 3 deletions(-)
>>
>> diff --git a/libsemanage/src/genhomedircon.c 
>> b/libsemanage/src/genhomedircon.c
>> index 591941fb..ac376671 100644
>> --- a/libsemanage/src/genhomedircon.c
>> +++ b/libsemanage/src/genhomedircon.c
>> @@ -1077,10 +1077,20 @@ static int 
>> get_group_users(genhomedircon_settings_t * s,
>>
>>         const char *grname = selogin + 1;
>>
>> -       if (getgrnam_r(grname, &grstorage, grbuf,
>> -                       (size_t) grbuflen, &group) != 0) {
>> -               goto cleanup;
>> +       errno = 0;
>> +       while (
>> +               (retval = getgrnam_r(grname, &grstorage, grbuf, 
>> (size_t) grbuflen, &group)) != 0 &&
>> +               errno == ERANGE
>> +       ) {
>> +               char *new_grbuf;
>> +               grbuflen *= 2;
>> +               new_grbuf = realloc(grbuf, grbuflen);
>> +               if (new_grbuf == NULL)
>> +                       goto cleanup;
>> +               grbuf = new_grbuf;
>>         }
>
> Hello,
> When reading this for loop, I am concerned about the case where 
> the
> member list exceeds 2Go on a system with a 32-bit CPU (where
> sizeof(long) = 4). Even if it seems very unlikely, if this ever
> happens, the loop will become infinite. Would you agree with 
> adding
> "&& grbuflen > 0" to the condition of the while statement?

Makes sense, I'll add it. Thanks.

> Anyway, if you do not agree, this patch looks good to me.
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>
> Thanks,
> Nicolas
>
>> +       if (retval == -1)
>> +               goto cleanup;

According to the man page this check is not correct. - "In case of
error, an error number is returned, and NULL is stored in 
*result."

I'll fix it as well.


>>         if (group == NULL) {
>>                 ERR(s->h_semanage, "Can't find group named 
>>                 %s\n", grname);
>> --
>> 2.20.1
>>