[systemd-devel] [PATCH 2/2] Fix a segfault in nscd when using nss-myhostname

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Wed Feb 6 22:35:50 PST 2013


On Mon, Feb 04, 2013 at 03:56:26PM +0100, Eelco Dolstra wrote:
> Nscd expects that an NSS module's gethostbyname4_r function returns
> its first result in the pre-allocated gaih_addrtuple denoted by **pat.
> (See nscd/aicache.c in the Glibc sources.)  However, nss-myhostname
> doesn't fill in **pat but allocates the first result in ‘buffer’, then
> sets *pat.  So nscd crashes (e.g. when running ‘getent ahosts
> my-machine’).
> 
> Hard to tell if this is a bug in nscd, since there doesn't seem to be
> a proper API spec for gethostbyname4_r.  But in any case, this patch
> fixes the crash by copying the first result to **pat.

I guess it doesn't hurt much, and makes life much easier for nscd users.

Applied.

Zbyszek


> ---
>  src/nss-myhostname/nss-myhostname.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/src/nss-myhostname/nss-myhostname.c b/src/nss-myhostname/nss-myhostname.c
> index 834a806..b0fb832 100644
> --- a/src/nss-myhostname/nss-myhostname.c
> +++ b/src/nss-myhostname/nss-myhostname.c
> @@ -176,7 +176,11 @@ enum nss_status _nss_myhostname_gethostbyname4_r(
>          /* Verify the size matches */
>          assert(idx == ms);
>  
> -        *pat = r_tuple_prev;
> +        /* Nscd expects us to store the first record in **pat. */
> +        if (*pat)
> +                **pat = *r_tuple_prev;
> +        else
> +                *pat = r_tuple_prev;
>  
>          if (ttlp)
>                  *ttlp = 0;
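
Review bot: In the new `if (*pat)` branch, `**pat = *r_tuple_prev;` dereferences r_tuple_prev, which the replaced line only stored, so this path now depends on at least one tuple having been built. The visible lines do not show that guarantee; an `assert(r_tuple_prev);` ahead of the branch would make it explicit. The struct assignment also copies the tuple's pointer members unchanged, so the caller's pre-allocated tuple ends up pointing into `buffer` for the rest of the chain. The comment could say that, and could spell out both caller conventions (pre-allocated *pat versus NULL *pat), since the commit message notes there is no API spec for gethostbyname4_r to refer to.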

